Senior Security Engineer (Application & Infrastructure)

The Opportunity

Join us to own security end-to-end, from shaping WAF rules and cloud posture to building secure APIs that millions rely on.

We’re hiring a Senior Security Engineer to help scale Thrive’s security posture as we continue to grow fast and land major enterprise customers.

This isn’t your typical security role. We’re looking for someone who can code first, audit later & are able to dive into our NodeJS/React stack, help teams ship secure-by-design features, and implement pragmatic security improvements across our application codebase, tooling and cloud infrastructure.

You’ll work closely with Engineering, Product, and InfoSec to ensure Thrive stays secure by design, especially as we expand into new markets, industries, and regulatory environments.

What You’ll Be Doing

• Own security across the full stack, from React & NodeJS through to AWS infrastructure, WAFs, and CI/CD.

• Build and maintain security-first libraries, tooling and pipelines to support engineering at scale.

• Embed secure-by-default practices into our codebase and developer workflows (CI/CD, code reviews, linting, scanning).

• Act as an internal consultant and coach, unblocking teams, upskilling devs, and spotting risks early.

• Partner with Engineering Leads and our CPTO to assess new threats, handle incidents, and continuously improve our posture.

• Support customer security reviews, RFPs, and external audits (SOC2, ISO27001, etc).

• Design and tune WAF rules, bot protections, and layered defenses to mitigate real-world attacks.

• Improve the security of our cloud infrastructure (AWS), IAM policies, and container configurations.

What We’re Looking For

• 5+ years as a fullstack or backend engineer with a strong security mindset.

• Deep experience with fullstack JavaScript/TypeScript (e.g. NodeJS / React or equivalent) and AWS.

• Proven track record of identifying, fixing and preventing security issues in production systems.

• Strong understanding of common vulnerabilities (e.g. OWASP Top 10) and mitigation techniques.

• Comfortable working cross-functionally with engineers, product managers, and leadership.

• Pragmatic - you know when to secure, when to monitor, and when to say no.

• Experience with WAFs, IAM, and infrastructure-layer security (e.g., network, container, or runtime protections).

• Experience with SOC2 / ISO27001, Vanta, or security questionnaires for enterprise customers.

• Familiarity with identity & access management (SSO, SCIM, RBAC), secure frontend patterns, and data encryption at rest/in transit.

• Incident response experience or interest in setting up robust response playbooks.

• Experience working in SaaS or L&D platforms, or building security into multi-tenant cloud applications.

Why Thrive?

• A chance to join a rocket-ship EdTech company on a mission to redefine workplace learning.

• A collaborative, people-first culture where your voice matters and your work has a real impact.

• Competitive salary + uncapped commission + benefits (private health, wellness perks, pension).

• Remote-first, flexible working environment built on trust and autonomy.

• The opportunity to work with global brands and cutting-edge learning technologies.

Sound Like You?

If you’re an engineer who sweats the security details, loves building clean and secure code, and wants to shape security at a product-led SaaS business - we’d love to talk.

#LI-Remote