Negotiable
About incident.io
incident.io is the leading all-in-one platform for incident management. From small bugs to major outages, incident.io helps teams respond fast, reduce downtime, and improve every time something goes wrong.
Since launching in 2021, we''ve helped 800 companies-including Netflix, Airbnb and Block-resolve over 250,000 incidents. Every month, more than 30,000 responders across Engineering, Product and Support use incident.io to fix things faster.
We''re a small team that cares deeply about pragmatism, quality, magic, and pace. We''ve raised $100M from Index Ventures, Insight Partners and Point Nine, alongside many angel investors who are founders and executives of world-class companies.
The Team
Our Engineers know the drill - they''ve been paged at 3am. They''re on a mission to transform those wee-hour wake-up calls into smoother, more manageable experiences for engineering teams everywhere. In fact, they''re some of our product''s biggest fans and users. What really sets them apart is their unwavering commitment to our customers.
We''re looking for our first Security Engineer with a passion for
application security
who thrives when embedded within product teams. You''ll work side-by-side with engineers, helping us design and build secure systems from the ground up - not just swooping in at the end to run a checklist. You''ll spot potential vulnerabilities before they reach production, coach engineers on secure coding practices, and help shape a culture where security is second nature.
As you''ll be the first Security Engineer, you''ll be collaborating heavily with the Infrastructure team as well to help us secure our infrastructure, CI/CD, and our internal tooling.
What you''ll be doing:Partnering with product teams
to design and review features with security in mind from day one.Identifying and mitigating vulnerabilities
through both white-box (code review, architecture analysis) and black-box (penetration testing, fuzzing) approaches, to name a couple.Proactively finding security flaws
in our applications, APIs, and infrastructure - and helping teams remediate them quickly.Introducing pragmatic security tooling and automation
to strengthen our defences without creating bottlenecks.Championing secure coding practices
and raising security awareness across the engineering organisation.Collaborating on incident response
and post-incident reviews when security issues arise.
What you need to be successful:A track record of
finding and remediating application security vulnerabilities , ideally demonstrated through in-depth security research, penetration testing, or red teaming.Hands-on experience with
white-box and black-box testing
techniques and tools.Familiarity with
secure software development
in modern web applications (React, Go, TypeScript, Postgres, or similar stacks).Comfortable
embedding within product teams
and influencing design and implementation decisions.Experience with cloud security in
Google Cloud Platform
(GCP Security Command Center is a plus).A pragmatic approach - knowing where to focus for maximum risk reduction without slowing down delivery.What we offer:
We''re building a place where great people can do their best work-and that means looking after you and your family with benefits that support health and personal growth.Market leading private medical insuranceGenerous parental leaveFirst Friday of the month offGenerous annual leave/PTO allowanceCompetitive salary and equityRemote working and personal development budgetEnhanced ..... full job details .....
Negotiable