About the Role:

StarTree is seeking a Staff Security Engineer to strengthen our security posture, ensure regulatory compliance, and establish common security controls and practices across the engineering and product organization. As a Staff Security Engineer, you will be responsible for developing and executing a comprehensive security strategy, conducting assessments and testing, managing security content, collaborating with cross-functional teams, and staying updated on emerging threats and technologies.

Responsibilities

• Develop and execute a comprehensive security strategy to protect data assets, systems, and networks.
• Conduct security assessments, vulnerability scans, and penetration testing to identify weaknesses and recommend remediation measures.
• Manage a repository of security content to support client inquiries and ensure successful business operations.
• Evaluate vendor and security provider compliance against standards such as SOC2 and lead preparation for ISO certification.
• Collaborate with engineering and DevOps teams to design and implement secure architectures.
• Monitor and respond to security events and incidents, mitigating potential threats or breaches.
• Conduct security awareness training and promote a culture of security awareness.
• Propose security controls to address identified gaps and facilitate smooth operations.
• Maintain effective relationships with internal stakeholders and senior management.
• Stay updated on emerging security threats, trends, and technologies, making recommendations for continuous improvement.

What we’re looking for:

• Bachelor's degree in Computer Science, Information Security, or related field. Relevant professional certifications (e.g., CISSP, CISM) are a plus.
• 7+ years of experience as a Security Engineer, focusing on securing data and systems in a cloud-based environment.
• Strong knowledge of network protocols, operating systems, and cloud platforms (e.g., AWS, Azure, GCP).
• Experience with security tools and technologies (e.g., SIEM, IDS/IPS, DLP, WAF, vulnerability scanning).
• Familiarity with security standards and government regulations (ISO, SOC2, NIST, GDPR, HIPAA, etc.).
• Proficiency in scripting and automation languages (e.g., Python, Bash) for security solution development.
• Experience with REST API attack detection and prevention, static code analysis, application security testing, and vulnerability scanning.
• Knowledge of cryptography principles and practical application for data and communication protection.
• Excellent problem-solving and analytical skills with the ability to provide practical recommendations.
• Strong communication and interpersonal skills for effective collaboration and stakeholder engagement.

If you are passionate about addressing the security and compliance challenges of a fast growing multi-cloud infrastructure startup and possess the technical expertise and leadership skills to succeed, we encourage you to apply for this exciting opportunity.

The base salary range for this US full-time position is $150,000 - $220,000, subject to standard withholding and applicable taxes. Additionally, new hires receive competitive and compelling equity grants, and access to a comprehensive benefits offering. The base salary range reflects the minimum and maximum target for candidates. The Salary and Equity compensation offered may vary depending on factors including: location, skills, experience, and the assessment process.