Security Engineer

Why this role matters now

AI is fundamentally changing the cybersecurity landscape. Frontier AI models are rapidly reducing the time, resources, and skill required to find and exploit software vulnerabilities.

This works both ways: defenders who adopt AI tools can move just as fast. At Gamma, we believe security engineering must evolve to meet this moment. That means closing patch gaps faster, scanning our own code with the same frontier models an attacker would use, designing systems that hold even when an adversary has unlimited patience, and building incident response capabilities that can handle simultaneous, AI-accelerated threats.

You'll be building Gamma's security posture for the age of AI-driven offense and defense. If you're excited about leveraging AI to protect infrastructure at scale, this is the role.

About the role

You'll protect Gamma's platform, infrastructure, and data as we scale to serve hundreds of millions of users. That means building security tooling and automation, partnering with engineering teams to embed security into everything we ship, and helping shape how the company thinks about security as a practice. You'll work across the organization to identify and mitigate risks without slowing down development velocity.

This role combines hands-on security engineering with strategic influence. You'll write code to solve security problems, conduct architecture reviews, lead vulnerability management, and drive initiatives for compliance frameworks like SOC 2 and ISO 27001. You'll work closely with engineering, product, and compliance to make security foundational rather than reactive.

Our team has a strong in-office culture and works in person 4-5 days per week in San Francisco. We love working together to stay creative and connected, with flexibility to work from home when focus matters most.

What you'll do

• Design and implement security controls across Gamma's AWS infrastructure and application layer

• Build security tooling and automation to detect, prevent, and respond to threats at scale

• Conduct security reviews of architecture designs, code, and infrastructure changes

• Lead vulnerability management, coordinate bug bounty responses, and drive remediation priorities

• Develop and maintain security monitoring, alerting, and incident response capabilities

• Partner with engineering teams on secure coding practices and threat modeling

• Deploy AI-assisted vulnerability scanning across our codebase and infrastructure-scanning our own systems with frontier models before attackers do

• Build automated triage workflows that use AI to deduplicate findings, estimate exposure, and draft remediation tickets

• Drive adoption of memory-safe languages and secure-by-design practices for new code, informed by current CISA and NCSC guidance

What you'll bring

• 5+ years of software engineering experience with at least 2-3 years focused on security engineering or application security

• Strong hands-on experience securing AWS environments, including IAM, VPC, security groups, CloudTrail, and GuardDuty

• Proficiency in at least one backend language (Python, TypeScript/Node.js, or Go preferred) with experience building security tools

• Deep understanding of web application security including OWASP Top 10, common vulnerability classes, and authentication/authorization patterns, with experience implementing security controls in CI/CD pipelines and infrastructure-as-code (Terraform, CloudFormation)

• Clear communicator who works well embedded with product engineering teams

• Background in penetration testing, offensive security, and SIEM/log analysis

Nice to have

• Experience at a high-growth SaaS startup navigating rapid scaling and compliance

• Familiarity with AI/ML security tooling, including using frontier models for code scanning, automated pentesting, or threat detection

• Experience building zero trust architecture or identity-aware access controls (FIDO2, short-lived tokens, hardware-bound credentials)

• Knowledge of supply chain security frameworks like SLSA, OpenSSF Scorecard, or SBOM tooling

Compensation range:

The base salary for this full-time position, which spans multiple internal levels depending on qualifications, ranges between $180K - $310K plus benefits & equity.

Final offer amounts are determined by multiple factors, including but not limited to experience and expertise in the requirements listed above.

If you're interested in this role but you don't meet every requirement, we encourage you to apply anyway! We're always excited about meeting great people.