Senior Security Engineer
San Francisco, Remote - US
Full Time Senior-level / Expert USD 210K - 250K
Watershed
Watershed is the enterprise sustainability platform. Manage your sustainability data, meet sustainability reporting requirements, and take action to reduce your impact — starting now.
About Watershed
Watershed is the enterprise sustainability platform. Companies like Airbnb, Carlyle Group, FedEx, Visa, and Dr. Martens use Watershed to manage climate and ESG data, produce audit-ready metrics for voluntary and regulatory reporting including CSRD, and drive real decarbonization. We are looking for team members who love product-building, want to work hard at a mission-oriented startup, and will collaborate with us in shaping the culture of a growing team.
We have offices in San Francisco, New York, London and Sydney, and remote team members across the US and Europe. We hope that you'll be interested in joining us!
The role
The Senior Security Engineer will drive the product security vision, strategy, and best practices across product teams. You'll lead threat modeling exercises, collaborate with engineering to enhance our secure software development stack and CI/CD pipeline, and manage our bug bounty programs and third-party security testing. You'll also evaluate vulnerability reports, prioritize remediation efforts, and design robust threat detection, monitoring, and incident response architectures.
In this role, you will:
- Drive product security vision, strategy, and best practices across product teams
- Lead security design reviews for new and existing products to identify potential security vulnerabilities
- Collaborate with engineering to manage and improve the secure software development stack and CI/CD pipeline
- Manage and enhance our bug bounty programs and third-party security testing
- Evaluate vulnerability reports, prioritize remediation, and communicate findings
- Design and build threat detection, monitoring, investigation, and response architectures
- Monitor and evaluate operational/security alerts
- Participate in investigations and incident response activities; build playbooks
You might be a good fit if you have:
- BS in computer science, information security, or a related field or equivalent experience
- 5-7+ years in security engineering
- Experience in growing & formalizing security programs
- Strong knowledge of GCP
- Deep understanding of threat modeling, risk management, and vulnerability assessment methodologies
- Proficiency in multiple programming languages and familiarity with secure coding practices and frameworks such as OWASP and CIS Controls (formerly the SANS Top 20)
- Hands-on experience with security tools and experience integrating automated security testing into CI/CD pipelines
- Excellent leadership, communication, and collaboration skills, with the ability to work effectively across diverse teams
Great if you also have:
- SaaS industry background
Preference is given to candidates in the San Francisco Bay Area
Join Us:
If you're passionate about climate change and have the security expertise to help us protect our mission, we want to hear from you! Apply today and be a part of the solution.
At Watershed, we strive to design consistent, fair, and competitive compensation programs. The total cash compensation range may be inclusive of several levels at Watershed, and the final offer will be determined by a number of factors, including the candidate’s skills, capabilities, and location, as well as the scope of the role.
The anticipated cash compensation range is in addition to a total rewards benefit package including equity, health/dental/vision insurance, 401(k), unlimited paid time off, paid parental leave, fertility and mental health programs, etc.
Salary Range: $210,000 - $250,000 USD
FAQ
Where does Watershed work?
We have hub offices in San Francisco, New York and London, and some remote team members in the US and EU. Most of our jobs need to be in San Francisco / New York / London, but certain jobs are open to being remote and will be specifically noted on the jobs page and in the job description.
What’s the interview process like?
It starts the same for every candidate: getting to know the team members through 1 to 2 conversations about Watershed, your experience, and your interests. Next steps can vary by role, but the usual next step is a skill or experience screen (e.g. a coding interview for an engineer, a portfolio review for a designer, a deeper experience call for other roles), which leads to a virtual or in-person interview panel if the screens go well. We prioritize transparency and lack of surprise throughout the process.
Please note that Watershed will only conduct interviews via official company channels (Google Workspace, Zoom). We do not use platforms such as Signal, WhatsApp, etc. to conduct official interviews or to complete any part of our onboarding process. If anyone claiming to be from Watershed contacts you on these platforms, please let us know.
Tags: CI/CD Computer Science GCP Incident response Monitoring OWASP Product security Risk management SaaS SANS Strategy Threat detection Vulnerabilities
Perks/benefits: Competitive pay Equity / stock options Health care Parental leave Startup environment Team events Transparency Unlimited paid time off