- Design and build shared libraries, platform guardrails, and internal tools that make the secure path the easy path for engineers
- Review architecture, technical designs, and production code for security issues in product and platform systems
- Perform pragmatic threat modeling for new features, workflows, services, and integrations
- Improve core security patterns across the stack, including authentication, authorization, secrets handling, secure logging/redaction, auditability, and sensitive-data protections
- Build or improve developer-facing security automation in CI/CD and local workflows, including code scanning, dependency policy, secret detection, and infrastructure checks
- Work directly with engineers to remediate vulnerabilities in code and design, focusing on durable fixes and reusable patterns
- Help define and evolve a lightweight secure SDLC that fits a fast-moving startup environment
- Contribute to incident analysis and postmortems when product or platform security issues arise
- Write clear documentation, examples, and decision records that help teams build securely without unnecessary friction
AWS, Docker, Node.js, +5 more