At Scale, our Security Architecture team builds the foundations that allow engineers to ship fast without compromising security. From securing modern TypeScript services and cloud infrastructure to enabling safe adoption of AI-driven systems, our work shapes how products are designed, deployed, and operated across the company. We are looking for a Staff Security Engineer to help define and build the “paved road” for secure development at Scale.

As a Staff Security Engineer, you will operate as a builder first — roughly 60% software engineering and 40% security. You’ll partner deeply with product, platform, and infrastructure teams to design secure architectures, build shared primitives, and influence how engineering teams work end-to-end. This role requires strong production software engineering DNA, architectural judgment, and the ability to lead through influence in a fast-moving, high-impact environment.

You will:

Design and build secure application and infrastructure foundations that engineering teams use by default.

Partner with product and engineering teams across the full SDLC, from RFC and architecture reviews through implementation, launch, and long-term maintenance.

Conduct deep architecture, design, and code reviews, identifying systemic risks beyond individual vulnerabilities.

Build and maintain secure cloud and CI/CD foundations using Infrastructure as Code.

Act as a technical advisor to engineering teams, helping them ship secure, maintainable, production-grade systems.

Serve as a technical point of contact during high-impact security events, contributing engineering and operational leadership.

Influence security strategy and technical direction through tooling, standards, and clear technical guidance.

Mentor engineers and help raise the overall security and engineering maturity of the organization.

Ideally you’d have:

Staff-level experience in 3+ of the areas below (Senior at a minimum):

Deep, production-level expertise in TypeScript and the Node.js ecosystem, including frameworks such as Next.js and modern tooling.

A strong track record of shipping and owning production software, including experience with testing, deployment, and on-call operations.

Experience conducting security, architecture, and design reviews, not just code-level audits.

Deep familiarity with AWS cloud primitives, including IAM, and experience designing systems for multiple environments.

Hands-on experience with Infrastructure as Code (Terraform, CDK, or similar), treating infrastructure as software.

Strong ability to structure ambiguous problems, diagnose root causes independently, and propose pragmatic solutions.

Excellent communication skills, with the ability to explain complex security and architectural tradeoffs to technical and non-technical stakeholders.

A proven ability to influence cross-functional teams and drive adoption of secure patterns without blocking velocity.

Nice to haves: