Lead Security Engineer

Swiftly is on a mission to help cities move more efficiently. We are the leading transit data platform for agencies to share real-time passenger information, manage day-to-day operations, and improve service performance. Today, over 180 transit agencies in 12 countries – including LA Metro, MARTA, SEPTA, and MBTA – rely on Swiftly to improve on-time performance by up to 40% and increase passenger information accuracy by up to 50%. The result is better service reliability, increased ridership, and more efficient transit operations.

Even though Swiftly's HQ office is located in San Francisco, CA, we are open to candidates in most locations across the U.S. as well as Ontario and British Columbia, Canada. At this time we are unable to provide Visa sponsorship.

Engineering at Swiftly is not only about writing code – we believe in creating empowered product teams that work together to conceptualize new features and bring them to life. Each team aims to strike a balance between delivering incremental improvements, creating prototypes to test new ideas and mitigate risks, and building scalable software using industry best practices. We’re guided by a mission to positively impact transit riders, and we embrace humility and intentionality in how we make technical decisions so that we best meet our customers’ needs.

We're looking for a Lead Security Engineer to join our Platform team and mature Swiftly's security posture. We believe excellent security isn't just about tools and controls; it's about empowering product, infrastructure, and corporate IT teams across our organization to make secure decisions every day. In this role, you'll partner closely with engineering, product, and go‑to‑market teams to design secure solutions, build DevSecOps tooling, and drive our compliance roadmap. You'll balance strategic initiatives with hands‑on work in our cloud‑native environment. We're looking for someone equally comfortable working on codebases and leading cross‑functional initiatives, a force multiplier who can train teams, represent security to customers and executives, and make security a natural part of how Swiftly ships products.

• Own Swiftly's security risk register and threat models; identify, prioritize, and drive remediation of risks across application and infrastructure.
• Design secure architectures for our SaaS platform, mobile applications, and IOT/Hardware Integration, focusing on authentication, authorization, data protection, and network boundaries
• Recommend, implement, and manage security tools end‑to‑end
• Build DevSecOps guardrails into CI/CD so vulnerabilities, misconfigurations, and license issues surface early
• Conduct internal security assessments and coordinate engagements with external penetration testers.
• Own security policies and standards; ensure they're practical, adopted, and measurable
• Define standards for secure adoption of AI coding assistants, building reusable patterns, custom configurations, and guardrails that help developers move fast safely

• Lead renewals and continuous readiness for existing certifications like SOC 2
• Proactively identify security frameworks required for international expansion; scope cost, level of effort, and timelines to inform market entry decisions; and lead execution of new certifications
• Respond to customer security and compliance inquiries and support product marketing with security content

• Design and maintain security incident response plans, playbooks, and escalation paths
• Serve as an escalation point for security incidents; lead triage, root cause analysis, and remediation

• Define and maintain security KPIs and dashboards for executive and board reporting
• Give teams visibility into their security posture and coach them to improve
• Influence roadmap prioritization to ensure security and compliance are first‑class concerns
• Mentor engineers in secure design and help grow a security‑aware culture across Swiftly by delivering security training and office hours for developers and other stakeholders
• Drive corporate IT security strategy, including endpoint hardening, email security, IAM standards, and periodic access reviews

• 5+ years of experience in security engineering with both strategic and hands‑on work
• Strong experience securing cloud‑native environments (AWS preferred), including IAM, networking, logging/monitoring, and secrets management
• Hands‑on experience with infrastructure‑as‑code (Terraform) and policy‑as‑code frameworks (OPA, Sentinel, or similar)
• Background building security into CI/CD pipelines and development workflows
• Familiarity with container and orchestration security
• Excellent threat modeling and risk assessment skills; able to translate complex risks into clear options and tradeoffs
• Experience with compliance frameworks (SOC 2 preferred) and audit processes
• Strong communication skills; comfortable working across technical and non‑technical teams
• Self‑directed and comfortable operating with autonomy

• Relevant certifications (CISSP, cloud security certifications)
• Experience advising on security for AI/ML or LLM‑powered features
• Mobile application security experience (Android preferred)
• Experience with GRC and compliance platforms
• Background in application security or penetration testing
• Experience with international compliance frameworks
• Familiarity with regulated industries or public sector requirements
• Experience with physical device security (IoT, embedded systems, or field‑deployed hardware)
• Experience with Mobile Device Management (MDM) solutions for enterprise or fleet deployments

In accordance with pay transparency laws, please see the approximate salary ranges below. These ranges represents the anticipated low and high end of the salary for this position. Actual salaries will vary and are based on a multitude of non‑discriminatory factors including final role leveling decisions, a candidate’s relevant work experiences/skills, and geographic location. Salary is one component of Swiftly’s total compensation package, which also includes stock options, competitive benefits, 401(k)/ RRSP matching, a fantastic team and culture, opportunity to have a huge impact, emphasis on professional growth and holistic wellness, and other perks.

US Salary Range: $140,000 - 200,000

Canadian Salary Range: $165,000 - 200,000

We are looking for candidates who are passionate about mobility, sustainability, or mission‑oriented projects that have a significant real‑world impact. Ideal candidates encompass the core values of our company:

Team. Together, we are more effective and better supported

Impact. Drive impact for our customers, our company, and all of our teams

Diversity. See differing perspectives as ways to address our weaknesses and find new strengths

Communication. Assume others internally and externally have good intentions

Feedback. We share feedback because we want each other to grow professionally and personally

Growth. Foster personal, professional, and company growth

• Competitive salary
• Equity compensation (company ownership) for every employee
• Medical, Dental and Vision
• Retirement with Employer Match
• Flexible Spending Account (FSA)
• Home office setup reimbursement
• Monthly cell/internet reimbursement
• Monthly "Be Well" stipend
• Flexible PTO with a recommended minimum
• Flexible work environment
• 16 paid holidays - including months without US national holidays
• 8 fully paid weeks of leave for child birth/adoption

Swiftly employees can generally expect to travel 1–2 times a year for in‑person company or team offsites. As a fully distributed company, we consider these offsites important for cultivating strong relationships across our teams! Attending these in‑person is expected and encouraged, although we understand everyone has different personal circumstances and we will consider requests for exceptions. Customer‑facing team members and other specific roles may be expected to travel more frequently.

We are an equal opportunity employer - we are committed to a workplace that is as dynamic, diverse, and passionate as the communities we serve.