Platform Security Engineer
Job description
We are looking for a Platform Security Engineer (Senior+) to join our Product Security domain. This role exists because the scope and importance of our work have outgrown the capacity of a single person.
Our platform underpins multiple products and handles sensitive, high-value data. At its core sits a large, graph-based data store that powers downstream systems. Building and securing access to that data, correctly and pragmatically, is critical to the company.
This is a hands-on engineering role. You will design, build, and ship production-grade security and privacy controls, not just define policies or review designs from the sidelines.
What you'll be working on
You will take ownership of platform-level trust and safety concerns, including:
- Designing and implementing authentication and authorization for a large, graph-based database (hundreds of thousands of nodes)
- Building and evolving secure OAuth-based AuthN/AuthZ flows, including token handling, permission models, and enforcement
- Making concrete improvements to production security posture
- Auditing, understanding, and improving data flows and data-privacy controls, ensuring sensitive data does not end up where it shouldn't
- Acting as a security and privacy gatekeeper in reviews - asking hard questions and requiring changes when needed
- Improving and maintaining supply-chain security, including SAST, SCA, container scanning, and CI/CD hardening
This role is intentionally broad. You will not be a single-domain specialist, and you will not be shielded from complexity.
What success looks like
After ~90 days, a successful hire will have:
- Shipped meaningful, production-level security improvements
- Taken ownership of parts of the AuthN/AuthZ model and implementation
- Developed a solid mental model of our data flows and privacy risks
- Earned trust across teams as someone who can say "this is not okay" - and explain why, with facts
- Reduced risk in practical ways, not through security theatre
How you'll work
This is a high-autonomy role. You are expected to scope problems yourself when needed.
- You will collaborate closely with engineers across the company, not operate as a silo.
- Disagreement is normal - decisions should be backed by reasoning, data, and threat modeling, not ego.
- Blocking a release on security or privacy grounds is possible when warranted, with clear escalation paths.
- If you see a problem, even outside your direct domain, you are expected to help fix it.
Requirements
Required
- Strong proficiency in Python (our primary language)
- Deep understanding of authentication and authorization concepts, including OAuth, JWTs, permission models, and secure token handling
- Experience designing and securing non-trivial data systems
- Ability to reason about risk, trade-offs, and real-world constraints
- A track record of shipping real security improvements, not just writing policy
Strongly preferred
- Experience with graph databases, ideally Neo4j or similar
- Experience with CI/CD and supply-chain security (SAST, SCA, container scanning, pipeline hardening)
- Experience with Go or Rust
- Some familiarity with frontend or React (not required, but useful for end-to-end thinking)
Benefits & conditions
- Not a policy-only or advisory role
- Not a role with pre-defined, perfectly scoped tasks
- Not about chasing tools without understanding the problems they solve
- Not security theatre
If you need everything spelled out, or prefer to avoid ambiguity, this role will be frustrating.
Seniority & growth
This role is intentionally levelled as Senior+. We are open to hiring at different seniority levels if the fit is right. Titles matter less than ownership, judgment, and impact.