Senior Security Engineer

Position Overview

• Location Type:
• Job Type:
• Salary: $150,000 - $185,000 USD

Arkestro's Predictive Procurement accelerates enterprise spend transformation, using AI and game theory to unlock trapped savings and reduce risk, enabling teams to influence significantly more spend. By combining AI with deep Negotiation Science, Supplier Science, and Process Science procurement teams can improve win-rates while strengthening supply chain agility.

As a fast-growing tech company, we’re looking for builders and innovators — people who thrive in the face of ambiguity and who have a selfless dedication to do whatever it takes to make Arkestro and our customers successful. We believe in egoless execution and we are looking for people who will work together to solve hard problems. If you're excited to help shape our future, contribute to our company culture, and help to drive our business forward there is a tremendous opportunity for you here at Arkestro! See Arkestro in action at arkestro.com.

We’re looking for a Senior Security Engineer to join our Security team and lead application security efforts across our platform. You’ll work closely with engineers, designers, and product managers to embed security into the development lifecycle, ensuring our customer-facing features are built with strong, scalable security foundations. This role is ideal for someone who enjoys working cross-functionally and driving security outcomes in fast-paced product environments.

Responsibilities

• Lead application security initiatives across multiple teams, proactively identifying and remediating risks in our code, architecture, and SDLC
• Collaborate with product engineers to design secure features and advocate for security best practices
• Drive threat modeling, security reviews, and tooling adoption to strengthen our security posture without hindering velocity
• Build and maintain security-focused tooling, automation, and CI/CD integrations to enable secure-by-default development
• Participate in security incident response and postmortem processes; help mature our detection and response capabilities
• Represent the security team in product planning meetings and drive alignment on secure architecture decisions
• Contribute to and maintain secure development standards and training to upskill engineering teams
• Participate in an on-call rotation, including handling security-related escalations

Technologies and Tools

• Frontend: React, TypeScript, AntD, Jest + React Testing Library
• Backend: Ruby, Rails, Node, Postgres, Redis, Sidekiq Pro, RSpec
• Fundamentals: Shell, SQL, config file and environment configuration
• Workflow and Deployment: Github, AWS, DataDog, Jira, Confluence, Sentry, Code Climate, Pagerduty Slack, Fellow

Preferred Qualifications

• 5+ years of experience working on or closely with engineering teams to secure customer-facing applications
• 4+ years experience securing (writing code) full-stack applications using modern JavaScript frameworks (React, TypeScript, NextJS) and backend technologies (Rails/Ruby preferred)
• 3+ years experience building or reviewing authentication, authorization, and session management flows
• 2+ years experience working in cloud-native environments (AWS preferred) with knowledge of container and service mesh security (e.g., Kubernetes, Istio)
• Familiarity with secure coding practices, static and dynamic analysis (e.g., Github Advanced Security, Semgrep, Snyk)
• Strong understanding of web application vulnerabilities (e.g., OWASP Top 10), threat modeling, and secure design principles
• Experience conducting security code reviews and participating in SDLC security checkpoints

Bonus Qualifications

• Experience establishing security controls and processes in fast-paced environments.
• Experience with incident response, security alert triage, or on-call rotations
• Hands-on experience with observability and alerting tools (e.g., Datadog, PagerDuty)

Company Information

Arkestro is committed to providing our employees with a benefits package design