Remote Staff Security Engineer

Description:

• The Staff Security Engineer at LiveKit is not just focused on running scans or writing policies; they are expected to be a hands-on engineer who can think like both a builder and a breaker.
• The role involves getting deep into the stack, including API endpoints, container images, and browser sandboxes.
• The engineer will own security across the stack, which includes applications, services, infrastructure, and developer workflows.
• Responsibilities include proactively identifying, assessing, and mitigating risks in both infrastructure and application codebases.
• The engineer will lead secure code reviews, architecture discussions, and threat modeling sessions.
• They will build tooling and automations to prevent security issues before they reach production.
• The role requires hardening authentication and access control across internal and external surfaces.
• The engineer will partner closely with other engineers to design secure-by-default APIs, workflows, and deployments.
• Investigating vulnerabilities, responding to security incidents, and managing disclosure processes are also key responsibilities.
• Staying current with security research, tooling, and threats is essential, and the engineer is expected to put that knowledge into action.

Requirements:

• Candidates should be hands-on engineers who understand security from first principles.
• A minimum of 6 years of experience as a software engineer with an interest in security engineering is required.
• Applicants should have led or heavily contributed to security engineering efforts across applications, infrastructure, or both.
• The ability to analyze systems for weaknesses in business logic, configuration, or code is necessary.
• Experience with threat modeling, secure coding practices, and vulnerability management is required.
• Familiarity with CI/CD systems, cloud platforms (such as AWS, GCP), and containerized environments is essential.
• Candidates must be able to translate security concerns into engineering action without being the “no” person.
• Excellent communication and collaboration skills are required, along with the ability to document and evangelize best practices.
• Experience responding to real-world security incidents, leading postmortems, or driving remediation efforts is necessary.

Benefits:

• LiveKit offers a competitive salary and equity package.
• Health, dental, and vision benefits are provided.
• The company offers flexible vacation policies.
• A remote-friendly work environment is available, with necessary equipment provided.