Staff Software Engineer - Security

Description

Whisker is the maker of Litter-Robot, Feeder-Robot, and Litterbox.com. At Whisker, we believe pet parenthood can always get better.

As leading innovators in pet tech and refined pet accessories, we work tirelessly to solve problems and deliver smarter insights for pet parents while enriching the lives of pets. Whether it’s a self-cleaning litter box that automates scooping, an automatic feeder that helps pets develop healthier eating habits, or a modern cat tree that delights both humans and felines, we strive to deliver better solutions for consumers while transforming pet care along the way. To us, having a pet is the best thing ever. At Whisker, life together just keeps getting better.

Whisker is based in Auburn Hills, Michigan, Austin, TX and Juneau, Wisconsin with 600+ passionate team members.

What You’ll Do:

The Staff Security Engineer will lead the technical direction and security architecture of our systems, working cross-functionally to design, implement, and scale secure solutions that safeguard our infrastructure, products, and customer data.

Essential Duties and Responsibilities:

This list of duties and responsibilities is not all-inclusive and may be expanded to include other duties and responsibilities as deemed necessary.

• Leads the design and implementation of security architecture and controls across infrastructure and applications. For example, architect and enforce IAM policies, network segmentation, and data encryption strategies using cloud-native tools like AWS IAM, KMS, and VPCs
• Provides technical leadership and mentorship to engineers on secure design, development, and operations, fostering a culture of security-first thinking and knowledge sharing
• Conducts threat modeling, security design reviews, and vulnerability assessments to proactively identify and mitigate risks in our systems
• Develops and maintains the technical roadmap for security initiatives, ensuring alignment with business goals, compliance requirements (e.g., SOC2, GDPR), and long-term scalability
• Collaborates with software, DevOps, product, and legal teams to embed security into the software development lifecycle and infrastructure as code. For instance, integrate security checks into CI/CD pipelines using tools like Snyk, Trivy, and AWS Security Hub
• Translates business and compliance needs into technical security controls and implementation plans, ensuring practical solutions that enable business velocity while maintaining a strong security posture
• Investigates, responds to, and learns from security incidents, supporting root cause analysis, remediation, and continuous improvement of detection and response capabilities
• Stays current with industry trends, threat landscapes, and security frameworks (e.g., NIST, OWASP, MITRE ATT&CK), advocating for adoption where appropriate
• Drives innovation and process improvement in security automation, monitoring, and DevSecOps. For example, implement cloud-native security scanning, anomaly detection with AWS GuardDuty, and automated alerting via SIEM platforms
• Communicates effectively with both technical and non-technical stakeholders to convey complex security risks and strategies in a clear, actionable manner
• Collaborates with cross-functional teams in sprint planning, security backlog grooming, and risk prioritization to ensure security remains integral across the organization
• Will perform additional responsibilities when required

Requirements

What You’ll Bring:

• BA or Master’s degree in Computer Science, Cybersecurity, Engineering, or related field.
• 10 years of experience in security engineering, software engineering, or a related technical field, with a strong focus on designing secure, scalable systems.
• Deep understanding of modern security principles, authentication/authorization (e.g., OAuth2, JWT, RBAC), and secure software development practices.
• Hands-on experience with security architecture and tooling across major cloud platforms such as AWS, GCP, or Azure—e.g., KMS, IAM, GuardDuty, Security Hub, VPC security.
• Strong proficiency in scripting or programming languages such as Python, Go, or JavaScript, with the ability to develop security automation tools and secure libraries.
• Experience conducting threat modeling, risk assessments, and security code reviews across distributed microservices and modern web applications.
• Familiarity with CI/CD security, infrastructure-as-code, and DevSecOps practices (e.g., integrating SAST/DAST tools like Snyk, Trivy, Checkov into pipelines).
• Working knowledge of compliance frameworks and regulatory environments such as SOC2, ISO 27001, and GDPR.
• Strong understanding of data protection, encryption at rest/in transit, secure API design, and logging/monitoring for security events.
• Experience handling and securing large-scale systems and datasets, ideally in environments supporting millions of users or IoT ecosystems.
• Demonstrated leadership in driving security initiatives from conception to implementation, including cross-functional alignment and execution.
• Excellent problem-solving skills with the ability to assess risks and propose pragmatic, scalable mitigations.
• Strong communication and interpersonal skills with the ability to clearly explain security concepts to diverse stakeholders.
• Maintains confidentiality of proprietary information.
• Ability to maintain a professional atmosphere in a fast-paced environment with numerous interactions and interruptions.
• A high degree of initiative, self-motivation, and ability to motivate others.
• Ability to establish and maintain cooperative working relationships with team members and colleagues.
• Comfortable with office pets (cats, dogs).

Not Required but Nice to Have!

• Experience working in an Agile/Scrum environment and familiarity with related tools (e.g., JIRA, Git) 

Benefits & Purrks:

Join a tenacious, inventive company that empowers team members to chart their own path, lead by grounding decisions in the “why”, and has a strong sense of empathy and openness to new perspectives. Be a part of exciting growth, work with incredible people, and create tomorrow’s pet products—plus a whole lot of extras. You will also be provided with:

• Premium Medical/Dental/Vision insurance
• Paid parental leave
• Whisker Parents Program
• 1 day "pawternity" leave for new pet adoption
• Pet Insurance Discount
• 401K match
• Flexible spending accounts
• Company-paid short-term disability and life insurance
• Employee Assistance Program (EAP)
• Generous paid time off
• 14 Paid Holidays
• Top of the line equipment
• Pet-friendly office
• Whisker products and swag
• Continuing education Support
• On-site gym with Peloton
• Referral program

Statement of Inclusivity:

We believe different perspectives make Whisker better and strive to create a place where everyone has equal opportunities to thrive.

Please ensure to regularly check your email spam folder for any communication from Whisker to avoid missing important updates regarding your application status.

#onsite1