Senior Security Engineer

Velocity Global offers the most unified, tech-enabled, and customer service-driven global workforce management, ensuring smooth, reliable operations across countries, roles, and workforce types so businesses can navigate complexity with confidence, deliver strong results, and stay ahead. We help you expand your business into new markets without the complexity of setting up entities. We hire, pay, and manage your workforce across 185+ countries with our AI-powered global Workforce Technology platform.

Who we are looking for:

We are seeking a highly motivated and experienced Senior Security Engineer to join our growing Security Engineering team!  

Can you assess and interpret data better than those around you? Are you a thought leader? Are you a great team player and love being part of a vibrant, intelligent team? If this sounds like you, come join us at Velocity Global.

This hybrid role will be based in Palo Alto, California, and in-office collaboration is required for at least three days per week. You will report to the Senior Manager, Security Engineering.

Key Responsibilities:

As a senior security engineer at Velocity Global, you will  be a hands-on engineer, responsible for ensuring the security, efficiency, and continuous innovation of our platform to support our engineering teams. You're responsible to ensure applications adhering required standards, regulations and compliance requirements (eg. GDPR / HIPPA / OWASP)

• Drive the adoption of modern, cloud-first, security-first design patterns and integrate these with existing systems.
• Naturally accountable, responsible, self-motivated and self-sufficient.
• Proven ability to bring security solutions to production and operate them in cloud environments.
• Work alongside developers, technology leaders, and external partners to address security risks.
• Collaborate with internal teams to design and implement security best practices across the development lifecycle.
• Support security initiatives related to DevOps, SRE, and cloud security architectures.
• Research, evaluate, and recommend new security tools and methodologies to improve testing capabilities.
• Demonstrated ability to coordinate incident response in mission critical systems.
• Maintain and update security incident tracking tools, capturing all necessary data and documenting findings.
• Serve as a technical advisor on Application Security best practices, focusing on security, performance, and cost optimization for projects and teams.
• Help to embed security best practices within the automation process, creating a robust and secure cloud environment.
• Diagnose and troubleshoot technical issues, perform root cause analysis, and escalate complex issues when necessary.
• Monitor and optimize application performance and service quality, ensuring high standards and quick issue resolution.
• Communicate updates to project leads and escalate issues when needed, maintaining smooth and transparent communication.

Experience and Professional Qualifications:

• 5+ years of experience in DevSecOps, cloud-based provisioning, CI/CD pipeline management, monitoring, and troubleshooting.
• 5+ years of hands-on experience with public cloud providers 
• Experience with various coding and scripting languages such as Python, TypeScript.
• Strong experience of using modern containerization software including Docker, Kubernetes and serverless technologies.
• Strong knowledge of DevSecOps automation, such as Terraform, Github, and Gitlab.
• Strong understanding of web and network security (eg. OWASP Top 10)
• Excellent problem-solving and analytical skills, with experience interpreting and acting on data.
• Proficiency in evaluating and mitigating the risks associated with application vulnerabilities is essential, encompassing the capability to prioritize findings from static code analysis, dependency scanning, API scanning, secret detection, and web application scanning.
• Understanding of SOC2 Type 2, ISO, GDPR, and CCPA standards and their certification and audit processes.
• Demonstrated ability to communicate technical concepts to varied audiences concisely.
• Experience with data and reporting processes to support DevSecOps KPIs and metrics.
• Demonstrated expertise in strategic thinking, strong business acumen, and a highly creative problem solver.
• Experience with CI/CD security best practices and DevSecOps methodologies.

Nice to have qualities

• Experience with automation tools such as Cloud Formation and Terraform.
• Familiarity with AWS IAM, API Security, Container Security, and Cloud Security.
• Strong knowledge of observability tooling (eg. Datadog, Prometheus).
• Experience with cloud services at scale (VPC, IAM, RBAC, etc…).
• Project Management experience.

#LI-hybrid

Our job titles may span more than one career level. The base pay depends upon many factors, such as training, transferable skills, work experience, business needs, and market demands. The base pay range is subject to change and may be modified. 

Annualized Pay Range$144,000—$184,000 USD

We are dedicated to fostering diversity and inclusion across our organization, embracing the rich tapestry of cultures, backgrounds, and perspectives that our global team brings together in offices around the world. Velocity Global is an Equal Opportunity Employer committed to empowering individuals from all walks of life to achieve their professional goals with us, regardless of race, religion, gender, gender identity, pregnancy, disability, sexual orientation, age, national origin, citizenship status, or genetic information. We actively seek and encourage applications from diverse candidates, including those with disabilities, and offer accommodations throughout the selection process upon request.

Velocity Global offers a range of benefits tailored to the location and type of role. A general benefits overview is below:

• Flexible Time Off + Parental Leave
• Health and Dental Insurance (where applicable)
• Retirement Savings + Employee Incentive Plan
• WFH Stipend
• Company Bonus + Spot Bonuses

Please visit our career page for more information.