Security Engineer

Why this role matters now

AI is fundamentally changing the cybersecurity landscape. Frontier AI models are rapidly reducing the time, resources, and skill required to find and exploit software vulnerabilities.

This works both ways: defenders who adopt AI tools can move just as fast. At Gamma, we believe security engineering must evolve to meet this moment. That means closing patch gaps faster, scanning our own code with the same frontier models an attacker would use, designing systems that hold even when an adversary has unlimited patience, and building incident response capabilities that can handle simultaneous, AI-accelerated threats.

You’ll be building Gamma’s security posture for the age of AI-driven offense and defense. If you’re excited about leveraging AI to protect infrastructure at scale, this is the role.

About The Role

You’ll protect Gamma’s platform, infrastructure, and data as we scale to serve hundreds of millions of users. That means building security tooling and automation, partnering with engineering teams to embed security into everything we ship, and helping shape how the company thinks about security as a practice. You’ll work across the organization to identify and mitigate risks without slowing down development velocity.

This role combines hands-on security engineering with strategic influence. You’ll write code to solve security problems, conduct architecture reviews, lead vulnerability management, and drive initiatives for compliance frameworks like SOC 2 and ISO 27001. You’ll work closely with engineering, product, and compliance to make security foundational rather than reactive.

Our team has a strong in-office culture and works in person 4–5 days per week in San Francisco. We love working together to stay creative and connected, with flexibility to work from home when focus matters most.

What You'll Do

- Design and implement security controls across Gamma’s AWS infrastructure and application layer
- Build security tooling and automation to detect, prevent, and respond to threats at scale
- Conduct security reviews of architecture designs, code, and infrastructure changes
- Lead vulnerability management, coordinate bug bounty responses, and drive remediation priorities
- Develop and maintain security monitoring, alerting, and incident response capabilities
- Partner with engineering teams on secure coding practices and threat modeling
- Deploy AI-assisted vulnerability scanning across our codebase and infrastructure—scanning our own systems with frontier models before attackers do
- Build automated triage workflows that use AI to deduplicate findings, estimate exposure, and draft remediation tickets
- Drive adoption of memory-safe languages and secure-by-design practices for new code, informed by current CISA and NCSC guidance

What You'll Bring

- 5+ years of software engineering experience with at least 2–3 years focused on security engineering or application security
- Strong hands-on experience securing AWS environments, including IAM, VPC, security groups, CloudTrail, and GuardDuty
- Proficiency in at least one backend language (Python, TypeScript/Node.js, or Go preferred) with experience building security tools
- Deep understanding of web application security including OWASP Top 10, common vulnerability classes, and authentication/authorization patterns, with experience implementing security controls in CI/CD pipelines and infrastructure-as-code (Terraform, CloudFormation)
- Clear communicator who works well embedded with product engineering teams
- Background in penetration testing, offensive security, and SIEM/log analysis

Nice to have

- Experience at a high-growth SaaS startup navigating rapid scaling and compliance
- Familiarity with AI/ML security tooling, including using frontier models for code scanning, automated pentesting, or threat detection
- Experience building zero trust architecture or identity-aware access controls (FIDO2, short-lived tokens, hardware-bound credentials)
- Knowledge of supply chain security frameworks like SLSA, OpenSSF Scorecard, or SBOM tooling

Compensation Range

The base salary for this full-time position, which spans multiple internal levels depending on qualifications, ranges between $180K - $310K plus benefits & equity.

Final offer amounts are determined by multiple factors, including but not limited to experience and expertise in the requirements listed above.

If you're interested in this role but you don't meet every requirement, we encourage you to apply anyway! We're always excited about meeting great people.