Staff Security Engineer

San Francisco, CA

Amplitude

Build better products by turning your user data into meaningful insights, using Amplitude's digital analytics platform and experimentation tools.

View all jobs at Amplitude

Amplitude is a leading digital analytics platform that helps companies unlock the power of their products. More than 2,300 customers, including Atlassian, Jersey Mike’s, NBCUniversal, Shopify, and Under Armour, rely on Amplitude to gain self-service visibility into the entire customer journey. Amplitude guides companies every step of the way as they capture data they can trust, uncover clear insights about customer behavior, and take faster action. When teams understand how people are using their products, they can deliver better product experiences that drive growth. 

As an organization, we approach challenges with humility, take ownership of our contributions, and embrace a growth mindset that pushes us to constantly improve ourselves, each other, and the value we bring to customers and partners.

Amplitude’s Commitment to Diversity Equity & Inclusion (DEI): Amplitude believes that diversity enables the creation of better products, improves the ability to solve complex problems, and drives more powerful solutions. We strive to create an environment of inclusion—one focused on psychological safety, empathy, and human connection—that will allow employees of all backgrounds to thrive.

About The Role & Team

As a Security Engineer, you will help identify and drive impactful projects to improve the security of Amplitude’s platform, products, and internal systems. The mission of the Amplitude Security team is to help Ampliteers ship the most secure product to our users. We are looking for security generalists with a strong grasp of security and engineering fundamentals. You will partner closely with teams across the company and focus on systemic security improvements and risk reduction. You will also maximize your security skills to support and participate in operational security responsibilities like security reviews and consulting, threat research/bug-bounty triage, incident response, and risk management.

 As a Security Engineer, you will: 

  • Perform technical security assessments, code audits, and design reviews
  • Clearly communicate the risk of security issues to developers, including proof-of-concept code as necessary to demonstrate the potential severity
  • Partner with Engineering to establish comprehensive visibility into potential risk events across a cloud-native environment
  • Create and refine telemetry, detection capabilities, and response playbooks required to detect, prevent, and respond to cyber risk events efficiently
  • Manage risks by implementing robust security capabilities for repeatable predictable outcomes and maturation, and by coordinating incident response workflows
  • Influence Engineering and Product teams to prioritize and implement all stages of the Vulnerability Management life-cycle - detection, analysis, remediation and disclosure
  • Participate in team on-call rotation to support our penetration-testing, bug-bounty, and vulnerability-management programs

You'll be a great addition to the team if you have:

  • 6+ years of security engineering experience OR equivalent experience in a SWE/DevOps role and an interest in working on security engineering initiatives
  • Familiarity with security detection techniques (SAST, DAST, IAST, SCA), threat modeling frameworks (OWASP, MITRE, STRIDE, DREAD), and how they are used together to improve product security through design reviews
  • A solid understanding of modern software development principles and design patterns, including the ability to write clean, efficient, and maintainable code (in Java, Typescript, Python, etc.)
  • Familiarity with Agile, DevOps, CI/CD, and cloud-based infrastructure like AWS
  • Curiosity and a willingness to learn

#LI-Remote

#LI-SA1

* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰

Job stats:  19  1  0

Tags: Agile Analytics Audits AWS CI/CD Cloud DAST DevOps IAST Incident response Java OWASP Pentesting Product security Python Risk management SAST Security assessment Threat Research TypeScript Vulnerability management

Perks/benefits: Team events

Regions: Remote/Anywhere North America
Country: United States

More jobs like this

Explore more career opportunities

Find even more open roles below ordered by popularity of job title or skills/products/technologies used.