Staff Platform Security Engineer Office of the CISO

Staff Platform Security Engineer - Office of the CISO

Position Overview: Were looking for a Staff Platform Security Engineer to join our team and help drive our product security to the next level and beyond. The ideal candidate for the role will be a highly technical passionate team-oriented professional who can evolve our security infrastructure and platform security embedding secure practices into every layer of our product platform and this strategic and hands-on role you will architect implement and scale robust security automation policy enforcement and threat detection systems across our CI/CD pipelines data pipelines and cloud infrastructure and environments. Youll be instrumental in shaping how security is integrated into software development and operations driving security visibility reliability and trust at global scale.

The ideal person for this role must be mission and values-driven must have an ownership mentality and must put the well-being of our customers our teammates and our organization at the forefront of how they operate. This person must be able to operate and thrive in a dynamic high-growth startup environment within an established Cybersecurity GRC and IT team and programs. This is a critical high-impact role that will serve as a catalyst for growth for any seasoned cybersecurity professional.

The Staff Platform Security Engineer reports to the Chief Information Security Officer and will be responsible for developing implementing optimizing scaling automating and operating effective security controls and capabilities within the organization and product suite. The Staff Platform Security Engineer works closely with DevOps and Engineering teams to support the companys security needs provide support and facilitate secure technology operations.

Candidates applying for this sensitive and high-impact role should be highly technical team players with software engineering automation and application and infrastructure security experience capable of implementing protection detection and response capabilities and industry best practices across an organization with a cybersecurity mission and modern tech stack. This is a multi-faceted role within a fast-moving startup and will require the successful candidate to possess an ownership mentality sound judgment personal responsibility and initiative.

In this role you will support the companys overall security mission and help drive alignment maturity capacity and optimization where needed.

Your Responsibilities Will Include

• Security Architecture and Technical Leadership
• Design and drive a holistic Platform Security strategy aligned with business risk posture and compliance requirements.
• Collaborate with IT GRC DevOps and Engineering teams to build secure and privacy-by-default product hosting platforms.
• Define and implement secure patterns for cloud-native architectures (e.g. containers serverless IaC).
• Create automation workflows for security incident detection and response across environments.
• Establish continuous compliance pipelines for standards like SOC 2 ISO 27001 FedRAMP or HIPAA.
• Lead security architecture reviews threat modeling sessions and secure coding workshops.
• Mentor more junior security engineers and influence cross-functional teams through technical thought leadership.

• Ensuring the Obsidian product is built and deployed to a high-security standard
  • Ensure that application code images dependencies and infrastructure are scanned for vulnerabilities and that vulnerabilities are remediated in a risk-informed and timely manner.
  • Embed security controls into build and deployment pipelines (GitLab CI).
  • Mature vulnerability scanning (SAST DAST SCA) and integrate results into feedback loops for security and engineering teams.
  • Develop and enforce guardrails and policy-as-code (OPA) to prevent misconfigurations and policy drift.
  • Ensure that CI/CD infrastructure and other critical infrastructures and systems are hardened according to security best practices and standards and monitored for security threats.
  • Harden Kubernetes clusters container runtimes and cloud environments (AWS/GCP) using security standards and best practices.
  • Lead implementation of infrastructure as code (Terraform) security validation and drift detection.
  • Drive zero-trust principles in service-to-service communication and access control.
  • Support product penetration testing and corporate red teaming exercises.

• Ensuring Obsidian assets are managed to a high-security standard
• Implement security tooling automation and orchestration as needed for detection response reporting and vulnerability management capabilities.
• Ensure that security tooling is maintained optimized and consistently deployed across the Obsidian install base.
• Develop security threat detection rules and analytics within Obsidian security tooling systems and drive posture security maturity.
• Support security program continuity and resiliency by maturing security documentation processes and runbooks. Build playbooks for recurring security events and operations.

What Were Looking For

• A person who is excited about working at an industry-leading cybersecurity startup company with enterprise security needs.
• At least 8 years of security engineering experience
• Proficient in software engineering with emphasis on the Python programming language at a minimum
• Proficient in Terraform Infrastructure-as-Code
• Proficient in securing Kubernetes
• Proficient in securing AWS and GCP environments
• Proficient in securing the GitLab platform
• Proficient in security automation
• Excellent understanding of multiple security domains such as protection detection response application security vulnerability management or threat intelligence
• Be obsessive about security while doing everything possible to support the overall mission.
• Experience working with multiple internal and external stakeholders during incident lifecycles
• Experience communicating across a company to encourage and educate on best practices standards and policies

What We Can Do For You

• Be part of a team-first low-ego mission-focused culture.
• Provide opportunities for professional development.
• Provide opportunities to make high-impact contributions to security.
• Influence the Obsidian product development.
• Annual conference attendance budget
• Competitive salary equity and health benefits
• Opportunity to publish research share non-proprietary code and present at conferences
• Reserve your seat on our rocket ship! We are funded by Greylock Partners Google Ventures Menlo Ventures WingVC Norwest Venture Partners and are growing fast.

This role is a game-changer and is about securing our company and product as we provide cutting-edge capabilities to help organizations increase their security.