Security Engineer

Position Overview

• Location Type: [Not Specified]
• Job Type: Full-time
• Salary: [Not Specified]

CaptivateIQ is the leading Sales Performance Management solution, recognized by Forrester and G2, and trusted by customers including Affirm, Gong, and Figma. With solutions for Sales Planning and Incentives, we help revenue teams automate processes, hit revenue targets, and adapt with business change, ultimately driving efficient growth. It's time to rethink ROI - your return on incentives - with CaptivateIQ.

With backing from Sequoia, Accel, ICONIQ, Sapphire Ventures, and other leading investors, CaptivateIQ is on a mission to enable every company to improve their return on incentives and sales planning.

Come and see why Glassdoor and Comparably have recognized CaptivateIQ as a best place to work!

About the role: Join our Cybersecurity Team and play a pivotal role in strengthening the security of our infrastructure, applications, and services. As a Security Engineer, you will apply your technical expertise across engineering, application security, and incident response to help scale and mature our security posture. This is a hands-on role that requires a collaborative mindset, strong problem-solving skills, and the ability to identify and respond to security challenges across attack surfaces.

You’ll work closely with Engineering, Product, and IT teams to embed security across the product lifecycle, triage and mitigate vulnerabilities, and proactively respond to security threats. If you're passionate about building secure systems, working cross-functionally, and making a meaningful impact in a fast-moving, product-led environment—this role is for you.

Responsibilities

• Design and implement scalable security controls across cloud infrastructure, applications, and enterprise systems.
• Partner with engineering teams to design secure architectures and assist in system and product development from requirements gathering through deployment.
• Collaborate with developers to identify, triage, and remediate application and cloud security vulnerabilities (e.g., XSS, SSRF, CSRF, CORS, SQL Injection, broken authentication/authorization, encryption flaws).
• Provide expert guidance on secure coding practices, common vulnerability classes (e.g., OWASP Top 10), and threat modeling for modern web applications.
• Conduct security reviews of design and architecture documents; lead threat modeling exercises using frameworks such as STRIDE, PASTA, MITRE ATT&CK, and DREAD.
• Build and refine detection and response capabilities using logs, alerts, and behavioral signals.
• Lead or support incident response activities, including log analysis, querying, forensic investigation, threat mitigation, and root cause analysis.
• Conduct internal security reviews, network scans, and targeted penetration tests of applications and infrastructure using common security tooling (e.g., Burp Suite, ZAP, Amass, Nmap).
• Assess and mitigate static (SAST) and dynamic (DAST) vulnerabilities across services and components.
• Evaluate, implement, and maintain security tooling to support vulnerability management, secure development, and event detection workflows.
• Define and track metrics related to application security, vulnerability remediation, detection coverage, and incident response effectiveness.
• Support compliance initiatives (e.g., SOC 2), contribute to control implementation, and assist with security documentation.
• Contribute to internal security education and awareness by developing training materials and coaching engineers.

Requirements

• Bachelor’s degree in Computer Science, Cybersecurity, or equivalent practical experience.
• 6+ years of hands-on experience in cybersecurity, with demonstrated expertise in security engineering, application security, secure development, or security operations.
• Deep understanding of web architectures and modern frameworks (e.g., Django, Node.js, React).
• Expert-level scripting and automation skills (e.g., Python, Bash, PowerShell) for workflow automation, tooling, and log analysis.
• Proficient in log analysis.