Founding Security Engineer

incident.io is the leading all-in-one platform for incident management. From small bugs to major outages, incident.io helps teams respond fast, reduce downtime, and improve every time something goes wrong.

Since launching in 2021, we've helped 800 companies‑including Netflix, Airbnb and Block‑resolve over 250,000 incidents. Every month, more than 30,000 responders across Engineering, Product and Support use incident.io to fix things faster.

Our Engineers know the drill, they've been paged at 3am. They're on a mission to transform those wee‑hour wake‑up calls into smoother, more manageable experiences for engineering teams everywhere. In fact, they're some of our product's biggest fans and users. What really sets them apart is their unwavering commitment to our customers.

We're looking for our first Security Engineer with a passion for application security who thrives when embedded within product teams. You'll work side‑by‑side with engineers, helping us design and build secure systems from the ground up not just swooping in at the end to run a checklist. You'll spot potential vulnerabilities before they reach production, coach engineers on secure coding practices, and help shape a culture where security is second nature.

As you'll be the first Security Engineer, you'll be collaborating heavily with the Infrastructure team as well to help us secure our infrastructure, CI/CD, and our internal tooling.

• Partner with product teams to design and review features with security built in from the start.
• Identify and mitigate vulnerabilities using white‑box (code review, architecture analysis) and black‑box (penetration testing, fuzzing) techniques.
• Proactively find security flaws in applications, APIs, and infrastructure, and help teams remediate them quickly.
• Introduce pragmatic security tooling and automation to strengthen defences without slowing down delivery.
• Champion secure coding practices and raise security awareness across the engineering organisation, including collaborating on incident response when needed.

• Track record of finding and remediating application security vulnerabilities, ideally demonstrated through in-depth security research, penetration testing, or red teaming.
• Hands‑on experience with white‑box and black‑box testing techniques and tools.
• Familiarity with secure software development in modern web applications (React, Go, TypeScript, Postgres, or similar stacks).
• Comfortable embedding within product teams and influencing design and implementation decisions.
• Experience with cloud security in Google Cloud Platform (GCP Security Command Center is a plus) and a pragmatic approach – knowing where to focus for maximum risk reduction without slowing down delivery.

We're building a place where great people can do their best work – and that means looking after you and your family with benefits that support health and personal growth.

• Market leading private medical insurance
• Generous parental leave
• First Friday of the month off
• Generous annual leave/PTO allowance
• Competitive salary and equity
• Remote working and personal development budget
• Enhanced pension/401k