The role is clearly defined, with an emphasis on security in a growing SaaS environment, and the salary is high, which makes it attractive to experienced specialists.
High salary · Clear responsibilities · Startup environment · Focus on AI security
Responsibilities:
• Lead secure design reviews, threat modeling, and security-focused code reviews across the product and platform.
• Ensure security is ingrained into the SDLC so that the secure path is the easy path for engineers with secure-by-default libraries, patterns, and guardrails.
• Own authentication, authorization, API security, and data protection architecture for a multi-tenant SaaS platform.
• Architect and maintain security tooling integrated into CI/CD pipelines: static analysis, dependency scanning, secrets detection.
• Evaluate and mitigate risks specific to Fieldguide's AI Agents — prompt injection, data leakage through LLM contexts, unauthorized tool use, and unintended agent behaviors.
• Partner with Agent and Platform teams to define security boundaries for agent execution: sandboxing, least-privilege tool access, and runtime policy enforcement.
• Contribute to Fieldguide's approach to responsible AI, ensuring customer data is protected throughout the AI pipeline from ingestion through inference.
• Build and run Fieldguide’s vulnerability management program: scanning, triage, SLA-driven remediation tracking, and engineering coordination.
• Ensure visibility into vulnerability posture across application code, dependencies, and infrastructure.
• Manage external penetration testing engagements, bug bounty programs, and coordinate remediation of findings.
• Partner with infrastructure engineering to review and improve cloud security across our AWS environment: IAM, network architecture, secrets management, and logging.
• You don’t need to be an AWS infrastructure expert, but you should be comfortable identifying risks and recommending improvements.
• Ensure detection and monitoring capabilities are in place for security-relevant events via SIEM.
• Partner with Compliance to ensure technical controls satisfy framework requirements (SOC 2, ISO 27001, ISO 42001, FedRAMP).
• Help GTM teams articulate Fieldguide’s security posture to enterprise customers.
• Start as an individual contributor, but as the security program matures, hire and mentor security engineers. Set the culture and standards for how security operates at Fieldguide.
Requirements:
• 8+ years in security with a primary background in application security, product security, or security-focused software engineering.
• Track record of building or significantly maturing a security program, ideally at a growth-stage SaaS company.
• Strong programming skills with demonstrated experience writing production software.
• Familiarity with AWS security services and patterns: IAM, VPC, CloudTrail, KMS. You can identify misconfigurations and security gaps, even if you’re not the one writing Terraform.
• Experience with threat modeling methodologies and secure design review processes.
• Experience managing external penetration tests and coordinating remediation.
• Familiarity with AI/LLM security considerations and emerging risks in agentic AI systems is a plus.
• Experience supporting compliance frameworks (SOC 2, ISO 27001, NIST, FedRAMP) from the technical controls side is a plus.
#Remote #InfoSec
The vacancy text is reproduced unchanged.
Source: Telegram channel.