Senior Security Engineer

EvenUp

Toronto (hybrid)
$105,000 - $293,300
Full-time
Security Engineer

Job Description

Level Up Justice: Join EvenUp as a Senior Security Engineer

EvenUp is revolutionizing the legal landscape, closing the justice gap with cutting-edge technology and AI. We empower personal injury lawyers and victims to secure faster settlements, higher payouts, and better outcomes in cases ranging from vehicle collisions to natural disasters. Join us in building a safer, more equitable future!

As one of the fastest-growing vertical SaaS companies, backed by leading VCs like Bessemer Venture Partners and Bain Capital Ventures, we're seeking a passionate and driven Senior Security Engineer to join our expanding infrastructure team. If you're ready to make a tangible impact, this is your chance to lead the charge in securing our innovative platform.

The Mission: Your Impact
As a Senior Security Engineer, you'll be at the forefront of protecting our platform and data, ensuring the integrity and confidentiality of sensitive information. You will be instrumental in evaluating and implementing security solutions, both building and buying, to meet our evolving needs. Dive deep into our code, infrastructure, and AI models to proactively identify and mitigate vulnerabilities.

Risk Management: Proactively identify, assess, and mitigate security risks across the organization.
Code and Network Security: Fortify our platform through secure coding practices and robust network security measures, preventing unauthorized access and data breaches.
Incident Response: Lead the charge in developing and executing incident response plans, conducting forensic analysis, and implementing preventative measures to minimize impact.
Compliance and Ethics: Ensure EvenUp's systems adhere to regulations and industry standards, championing ethical considerations and promoting transparency in our AI-driven solutions.
Continuous Monitoring: Establish real-time monitoring systems to detect and respond to emerging threats, conducting regular security assessments to stay ahead of the curve.
Vendor and Third-Party Security: Rigorously assess and secure third-party components integrated into our systems, mitigating potential vulnerabilities in the supply chain.
Security Training: Empower our team with comprehensive security awareness training, fostering a security-conscious culture across the organization.
Documentation and Reporting: Maintain detailed documentation of security protocols, incidents, and improvements, providing regular reports to stakeholders to keep them informed.

What You'll Bring: Your Arsenal
We're looking for a seasoned security professional with a passion for problem-solving and a deep understanding of modern security threats and mitigation techniques.

8+ years of hands-on implementation experience in a security-focused role, emphasizing secure technical architecture, implementation, and team oversight (e.g., conducting solution security reviews).
Proven expertise in SAST/DAST, application security, and CI/CD pipeline integration.
Deep understanding of AI-specific threats, including prompt injection, model poisoning, membership inference, adversarial perturbation, and output manipulation.
In-depth knowledge of information security principles, policy enforcement, operating systems, web application security, OWASP Top 10, and common hacker techniques.
Experience designing and implementing next-generation security technologies like SASE, CASB, or RASP.
Hands-on experience with application patch management, software supply chain security, or artifact repositories like JFrog and Snyk.
Strong fluency in at least one programming or scripting language: Python, Ruby, or Node.js.
Cybersecurity certification (e.g., CISSP, CISM, CISA, CRISC, GIAC or other relevant certification).
Up-to-date knowledge and regular monitoring of evolving technologies and vulnerabilities to identify solutions and measures necessary to secure cloud computing applications and ecosystems.
Hands-on experience with application and infrastructure-level design security, including modern mitigation techniques and good practices (e.g., DNSSEC, OWASP Top 10 mitigations, cryptographic fundamentals).
Strong hands-on skills with creating automations using Python.

Bonus Points: Your Edge
These skills aren't required, but they'll definitely give you an advantage:
Fluency with at least one infrastructure-as-code or configuration management language.
Experience in the design and implementation of security controls.
Hands-on experience with GCP security architectures.
Experience with the implementation of security compliance standards SOC2, HIPAA, and CCPA.
Experience with design and enforcement of security best practices for development.
Experience with planning and execution of security web and infrastructure pen testing.
Experience with DLP (data loss prevention).
Experience with Kubernetes.
Experience with risk modeling for AI/ML data protection.

Benefits & Perks: Our Commitment to You
We value our employees and offer a comprehensive benefits package, including:
Choice of medical, dental, and vision insurance plans for you and your family
Additional insurance coverage options for life, accident, or critical illness
Flexible paid time off, sick leave, short-term and long-term disability
10 US observed holidays, and Canadian statutory holidays by province
A home office stipend
401(k) for US-based employees and RRSP for Canada-based employees
Paid parental leave
A local in-person meet-up program
Hubs in San Francisco and Toronto

Please note that the above benefits and perks are for full-time employees.

Learn more about EvenUp and our mission.

EvenUp is an equal opportunity employer. We are committed to diversity and inclusion in our company. We do not discriminate based on race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.

Notice to Candidates:
EvenUp has been made aware of fraudulent job postings and unaffiliated third parties posing as our recruiting team – please know that we have no affiliation or connection to these situations. We only post open roles on our career page (evenuplaw.com/careers) or reputable job boards like our official LinkedIn or Indeed pages, and all official EvenUp recruitment emails will come from the domains @evenuplaw.com, @evenup.ai, @ext-evenuplaw.com, [email protected] or no‑[email protected] email addresses.
To ensure fairness and proper consideration, we do not accept resumes or expressions of interest via email or social media messages. If you’re interested in a role, please submit your application directly through our careers page.
If you receive communication from someone you believe is impersonating EvenUp, please report it to us at [email protected]. Examples of fraudulent domains include “careers-evenuplaw.com” and “careers-evenuplaws.com”.