Staff Security Engineer

Salary: $221.8K - $369.6K Employment Type: Full-Time Location Type: Remote (or Hybrid in New York or San Francisco offices, 2 days/week)

Position Overview

Patreon is a leading media and community platform dedicated to empowering creators by providing tools to engage with their fans and build sustainable businesses. We facilitate paid memberships, free memberships, community chats, live experiences, and direct sales. Our mission is to fund the creative class, having facilitated over $8 billion in revenue, with 60 million+ free memberships and 10 million+ paid monthly memberships. We are seeking a Staff Security Engineer to join our team and contribute to our mission.

About the Team

Security is paramount at Patreon due to the sensitive nature of the data we handle, including payment methods, creator financial information, and personal data of patrons and creators. As an L6 Security Engineer, you will be a versatile member of the team, acting as an architect, operations specialist, developer, and consultant. You will own projects from conception to maintenance, collaborating with Engineering, Product, and DevOps to integrate security into all aspects of our operations.

Responsibilities

• Data Privacy & Deletion Tooling:
  • Design, build, and operate internal systems for data classification, retention, and automated deletion, ensuring compliance with GDPR, CCPA, and other regulations.
  • Integrate with downstream services and data stores for comprehensive coverage.
• Kubernetes Hardening:
  • Develop and enforce PodSecurityPolicies, NetworkPolicies, and admission controllers.
  • Write and enforce Open Policy Agent (OPA) rules.
  • Conduct threat modeling and risk assessments for Kubernetes clusters; automate remediation where possible.
• Security Automations:
  • Write robust Python scripts and applications to detect misconfigurations, enforce security guardrails, and streamline incident response.
  • Integrate with CI/CD pipelines (e.g., Terraform Cloud, GitHub Actions) for "shift-left" security practices.
• On-Call & Incident Response:
  • Participate in a quarterly rotation for 24/7 on-call support.
  • Respond to alerts and investigations, lead post-mortems, and drive continuous improvement.
• Bug Bounty & Vulnerability Management:
  • Partner with the bug bounty program: triage reports, reproduce and validate findings, and coordinate fixes with Engineering.
  • Track and report on program metrics, and engage with top researchers.
• Security Reviews & Advisory:
  • Review architectural and product changes, particularly high-risk components, providing actionable guidance and gating risky rollouts.
  • Educate engineering teams through workshops, documentation, and "security office hours."

About You

Professional Background

• Minimum of 7+ years of combined experience in Security Engineering, Security Software Engineer, DevSecOps, SRE, or related roles in an enterprise or cloud-native environment.
• Bachelor’s degree in Computer Science, Information Security, or a related field (or 8+ years of relevant experience in lieu of a degree).

Technical Expertise

• Strong foundation in one or more programming/scripting languages (e.g., Python) for automation and tooling.
• Demonstrated ability to automate and secure production systems, third-party SaaS applications, and security compliance controls across various environments.
• Proficiency in security architecture reviews, implementing guardrails for cloud-based web applications, and writing security automations.

About Patreon

Patreon empowers creators to pursue their passions by providing the tools to connect with their audience and build a sustainable business.