Staff Security Engineer

United States

$40,000 - $67,500 a year (US Dollars)

Attentive is the AI-powered mobile marketing platform transforming the way brands personalize consumer engagement. Attentive enables marketers to craft tailored journeys for every subscriber, driving higher recurring revenue and maximizing campaign performance. Activating real-time data from multiple channels and advanced AI, the platform personalizes content, tone, and timing to deliver 1:1 messages that truly resonate.

With a top-rated customer success team recognized on G2, Attentive partners with marketers to provide strategic guidance and optimize SMS and email campaigns. Trusted by leading global brands like Neiman Marcus, Samsung, Wayfair, and Dyson, Attentive ensures enterprise-grade compliance and deliverability, supporting trillions of interactions across more than 70 industries.

We are seeking an experienced and adaptable security engineer with strong technical skills and a developer mindset. The ideal candidate is motivated to reduce risk while enabling the business to operate swiftly and safely. As a key member of the Security Engineering team, you will be responsible for securing Attentive’s platform (operating in AWS) and customer-facing products (primarily built with Java microservices). Your role will encompass building and operating tools to secure our code, detect abnormal behaviors, and provide security testing and guidance for new systems and features.

You will lead our product and application security program, serving as a central resource for enhancing product security for our clients. Collaborating with a talented team of security professionals, you will help shape the future of Attentive’s security program and create a positive impact for the company and its customers.

At Attentive, we strive to make interactions with our security team seamless and enjoyable. Therefore, the ideal candidate should possess:

• A creative and solution-oriented mindset to develop effective solutions for all stakeholders
• Patience to understand developer teams' processes and goals for implementing thoughtful security measures
• The ability to automate security processes to minimize the security burden on partner teams and support rapid company growth

• Architecture Design & Code Reviews: Conduct secure design and code reviews for new systems and features, identifying common vulnerabilities such as injection attacks and cross-site scripting (XSS)
• Automation & Tooling: Develop and implement security tools for code scanning, dependency management, and CI/CD pipeline integration to protect systems throughout the development lifecycle
• Engineering Support: Provide hands-on support to engineers in deploying security solutions, hardening services, and remediating vulnerabilities, including encryption and input validation
• Threat Modeling: Lead the creation of comprehensive threat models for products and infrastructure to identify, assess, and mitigate security risks
• Vulnerability Management: Establish and oversee a vulnerability management lifecycle, ensuring timely detection, reporting, and remediation of security vulnerabilities
• Security Guidance & Documentation: Promote secure coding practices and maintain security documentation, including reports from penetration testing and product security tools

• 7+ years of experience in application/product security, with expertise in web technologies, vulnerability identification and remediation, and cloud security fundamentals
• Proven ability to build and automate processes, such as static code analysis, enhancing code shipping practices beyond mere compliance
• Extensive knowledge of application and network protocols, cryptography, authentication and authorization protocols, as well as common security threats and attack techniques
• Strong coding and code review experience in Java, Python, and Golang, with a focus on Java vulnerabilities and Kubernetes/container security
• Experience with AWS and deploying infrastructure as code
• Skilled at communicating complex technical concepts and risks to non-technical audiences

You'll get competitive perks and benefits, from health & wellness to equity, to help you bring your best self to work.

For US based applicants:

- The US base salary range for this full-time position is $200,000 - $270,000 annually + equity + benefits

- Our salary ranges are determined by role, level and location

#LI-SK1

• security
• design
• swift
• technical
• recruiter
• support
• developer
• testing
• growth
• code
• web
• java
• cloud
• mobile
• management
• lead
• marketing
• health
• engineer
• engineering
• full-time
• digital nomad