Senior Security Engineer

As a Senior Security Engineer at Spidersilk, you will lead technical initiatives to enhance the security, resilience, and trustworthiness of our platforms and infrastructure. You will work at the intersection of engineering, security research, and operations — helping shape security strategy, designing scalable solutions, and mentoring peers as part of a mission-driven cybersecurity team.

You’ll have a key role in both proactively defending against threats and embedding security into the DNA of everything we build and deliver.

Responsibilities:

• Design and implement secure architecture across applications, cloud environments, and internal systems.

• Lead threat modeling, security reviews, and vulnerability assessments across engineering projects.

• Collaborate with product, platform, and DevOps teams to embed secure development practices (DevSecOps).

• Develop custom tools, scripts, and automation for detection, hardening, and incident response.

• Monitor evolving threats and advise on detection and mitigation strategies based on real-world TTPs.

• Investigate complex security events and lead remediation efforts when necessary.

• Mentor junior engineers and contribute to internal security training and process improvement.

Requirements:

• 5+ years of hands-on experience in security engineering, offensive security, or a related technical security role.

• Strong understanding of systems security, application security, and cloud security principles (AWS, GCP, or Azure).

• Experience with infrastructure-as-code, CI/CD pipelines, and secure deployment practices.

• Proficiency in one or more scripting or programming languages (Python, Go, Bash).

• Familiarity with vulnerability management workflows, detection logic, and SIEM integration.

• Excellent problem-solving skills and ability to work across departments with technical and non-technical stakeholders.

Preferred Qualifications:

• Prior experience working in cybersecurity product environments or high-growth technology companies.

• Contributions to open-source security tools, advisories, or public research.

• Certifications such as OSCP, OSWE, CISSP, or GIAC (GSE, GCIA, GMON) are a plus.

• Experience with offensive techniques and the ability to think like an attacker.