CaptivateIQ

Security Engineer

North America

Compensation: Not Specified
Experience Level: Junior (1 to 2 years)
Job Type: Full Time
Visa: Unknown
Industries: Information Security, Cybersecurity

Position Overview

  • Location Type: [Not Specified]
  • Job Type: Full-time
  • Salary: [Not Specified]

CaptivateIQ is the leading Sales Performance Management solution, recognized by Forrester and G2, and trusted by customers including Affirm, Gong, and Figma. With solutions for Sales Planning and Incentives, we help revenue teams automate processes, hit revenue targets, and adapt with business change, ultimately driving efficient growth. It's time to rethink ROI - your return on incentives - with CaptivateIQ.

With backing from Sequoia, Accel, ICONIQ, Sapphire Ventures, and other leading investors, CaptivateIQ is on a mission to enable every company to improve their return on incentives and sales planning.

Come and see why Glassdoor and Comparably have recognized CaptivateIQ as a best place to work!

About the role: Join our Cybersecurity Team and play a pivotal role in strengthening the security of our infrastructure, applications, and services. As a Security Engineer, you will apply your technical expertise across engineering, application security, and incident response to help scale and mature our security posture. This is a hands-on role that requires a collaborative mindset, strong problem-solving skills, and the ability to identify and respond to security challenges across attack surfaces.

You’ll work closely with Engineering, Product, and IT teams to embed security across the product lifecycle, triage and mitigate vulnerabilities, and proactively respond to security threats. If you're passionate about building secure systems, working cross-functionally, and making a meaningful impact in a fast-moving, product-led environment—this role is for you.

Responsibilities

  • Design and implement scalable security controls across cloud infrastructure, applications, and enterprise systems.
  • Partner with engineering teams to design secure architectures and assist in system and product development from requirements gathering through deployment.
  • Collaborate with developers to identify, triage, and remediate application and cloud security vulnerabilities (e.g., XSS, SSRF, CSRF, CORS, SQL Injection, broken authentication/authorization, encryption flaws).
  • Provide expert guidance on secure coding practices, common vulnerability classes (e.g., OWASP Top 10), and threat modeling for modern web applications.
  • Conduct security reviews of design and architecture documents; lead threat modeling exercises using frameworks such as STRIDE, PASTA, MITRE ATT&CK, and DREAD.
  • Build and refine detection and response capabilities using logs, alerts, and behavioral signals.
  • Lead or support incident response activities, including log analysis, querying, forensic investigation, threat mitigation, and root cause analysis.
  • Conduct internal security reviews, network scans, and targeted penetration tests of applications and infrastructure using common security tooling (e.g., Burp Suite, ZAP, Amass, Nmap).
  • Assess and mitigate static (SAST) and dynamic (DAST) vulnerabilities across services and components.
  • Evaluate, implement, and maintain security tooling to support vulnerability management, secure development, and event detection workflows.
  • Define and track metrics related to application security, vulnerability remediation, detection coverage, and incident response effectiveness.
  • Support compliance initiatives (e.g., SOC 2), contribute to control implementation, and assist with security documentation.
  • Contribute to internal security education and awareness by developing training materials and coaching engineers.

Requirements

  • Bachelor’s degree in Computer Science, Cybersecurity, or equivalent practical experience.
  • 6+ years of hands-on experience in cybersecurity, with demonstrated expertise in security engineering, application security, secure development, or security operations.
  • Deep understanding of web architectures and modern frameworks (e.g., Django, Node.js, React).
  • Expert-level scripting and automation skills (e.g., Python, Bash, PowerShell) for workflow automation, tooling, and log analysis.
  • Proficient in log analysis.

Skills

Cloud Security
Application Security
Incident Response
Security Architecture
Vulnerability Management
Security Controls
Cross-Functional Collaboration
Problem-Solving

CaptivateIQ

Sales commission automation and tracking platform

About CaptivateIQ

CaptivateIQ provides a sales commission solution that automates and simplifies the commission calculation process for sales teams. The platform integrates various data sources, allowing for real-time commission calculations and reducing the need for manual data entry. Its interface is designed to be user-friendly, resembling tools like Excel or Google Sheets, which makes it accessible to users without coding skills. What sets CaptivateIQ apart from its competitors is its ability to offer customizable reports and commission plans, ensuring that all team members are aligned and motivated. The goal of CaptivateIQ is to help sales-driven organizations optimize their incentive structures and enhance operational efficiency.

Headquarters: San Francisco, California
Year Founded: 2017
Total Funding: $154.7M
Company Stage: Series C
Industries: Fintech, Financial Services
Employees: 201-500

Benefits

Health Insurance
Paid Vacation
401(k) Company Match
Flexible Work Hours
Home Office Stipend
Professional Development Budget

Risks

Emerging fintech startups pose a competitive threat to CaptivateIQ's market share.
Continuous innovation in AI and machine learning may strain CaptivateIQ's resources.
Integration challenges with new features like SmartGrid could disrupt existing client systems.

Differentiation

CaptivateIQ offers a no-code platform for commission management, accessible to non-technical users.
The company provides real-time commission calculations, enhancing speed and accuracy for enterprises.
CaptivateIQ's customizable reports and plans align with personalized employee incentive structures.

Upsides

The rise of no-code platforms supports CaptivateIQ's user-friendly commission management approach.
CaptivateIQ's cloud-based platform benefits from the trend towards remote work solutions.
The subscription-based model offers predictable revenue streams, aligning with industry trends.
