About the role
You'll protect Gamma's platform, infrastructure, and data as we scale to serve hundreds of millions of users. This involves building security tooling and automation, partnering with engineering teams to embed security into everything we ship, and helping shape how the company thinks about security as a practice. You'll work across the organisation to identify and mitigate risks without slowing down development velocity.
This role combines hands-on security engineering with strategic influence. You'll write code to solve security problems, conduct architecture reviews, lead vulnerability management, and drive initiatives for compliance frameworks like SOC 2 and ISO 27001. You'll work closely with engineering, product, and compliance to make security foundational rather than reactive.
Our team has a strong in-office culture and works in person 4–5 days per week in San Francisco. We love working together to stay creative and connected, with flexibility to work from home when focus matters most.
What you'll do
- Design and implement security controls across Gamma's AWS infrastructure and application layer
- Build security tooling and automation to detect, prevent, and respond to threats at scale
- Conduct security reviews of architecture designs, code, and infrastructure changes
- Lead vulnerability management, coordinate bug bounty responses, and drive remediation priorities
- Develop and maintain security monitoring, alerting, and incident response capabilities
- Partner with engineering teams on secure coding practices and threat modeling
What you'll bring
- 5+ years of software engineering experience with at least 2–3 years focused on security engineering or application security
- Strong hands-on experience securing AWS environments, including IAM, VPC, security groups, CloudTrail, and GuardDuty
- Proficiency in at least one backend language (Python, TypeScript/Node.js, or Go preferred) with experience building security tools
- Deep understanding of web application security including OWASP Top 10, common vulnerability classes, and authentication/authorisation patterns, with experience implementing security controls in CI/CD pipelines and infrastructure-as-code (Terraform, CloudFormation)
- Clear communicator who works well embedded with product engineering teams
- Background in penetration testing, offensive security, and SIEM/log analysis
- Experience at a high-growth SaaS startup navigating rapid scaling and compliance (Nice to have)
Compensation range:
The base salary for this full-time position, which spans multiple internal levels depending on qualifications, ranges between $180K – $310K plus benefits & equity. _Final offer amounts are determined by multiple factors, including but not limited to experience and expertise in the requirements listed above._
XML job scraping automation by YubHub
