Staff Software Engineer - Security

Position Overview

• Location Type: Remote
• Job Type: Full-Time
• Salary: $230K - $257K

Dandy is a company transforming the dental industry through technology, aiming to simplify and modernize dental practice operations. Backed by leading venture capital firms, Dandy is building a global operating system for dental offices.

About the Team

Dandy is seeking a highly skilled and hands-on Staff Security Engineer to be the first dedicated security hire. This role offers the opportunity to establish the technical foundation for security, directly impacting the protection of the platform and customer data. The position involves significant autonomy in selecting, implementing, and managing security solutions, identifying and remediating vulnerabilities, and playing a key role in incident response. The focus will be on deep technical execution and strengthening the company's defenses and security posture. This role is ideal for individuals passionate about building secure systems, tackling technical challenges, and making a tangible difference in a fast-paced environment.

Responsibilities

• Collaborate with engineering teams to design and implement secure application architectures, influencing feature development with security considerations from inception.
• Provide expert guidance on secure coding practices, API security, authentication/authorization patterns, and data protection throughout the software development lifecycle.
• Lead vulnerability management efforts, including identifying risks in applications and infrastructure (using automated and manual methods), prioritizing findings, and coordinating remediation with engineering teams.
• Evaluate, select, and drive the adoption of application and infrastructure security tools (e.g., SAST, DAST, SCA, container scanning), ensuring integration into developer workflows.
• Define and assist in implementing incident response processes and playbooks.
• Act as a senior technical contributor during incident investigations, supporting teams in forensics, containment, and recovery.
• Partner with the infrastructure team to establish guardrails and controls across GCP environments, including identity and access management, network security, and container hardening.
• Champion a security-first engineering culture through practical education, mentoring, and hands-on support to development teams.

Requirements

• 8+ years of progressive, hands-on experience in cybersecurity, with a strong emphasis on application security, secure design, and vulnerability management.
• Deep understanding of web application and API security, including common vulnerabilities, secure software architecture, and threat modeling.
• Experience collaborating directly with software engineering teams to guide the implementation of secure development practices and influence technical design decisions.
• Proven ability to lead technical efforts in vulnerability identification, triage, and remediation across application code and cloud infrastructure.
• Hands-on experience implementing and operating security tooling and basic infrastructure-level controls.
• Demonstrated experience leading or significantly contributing to security incident response efforts, including log and forensic analysis.
• Strong communication and collaboration skills, with the ability to influence without authority and guide teams toward secure-by-default outcomes.

Bonus Points

• Experience securing services that handle sensitive data, such as PHI.
• Understanding of data protection principles.
• Proficiency in integrating security tools.