Staff Security Engineer

EvenUp

Toronto (hybrid)
$105,000 - $293,300
Full-time
Security Engineer

Job Description

About EvenUp
EvenUp is revolutionizing the legal industry with cutting-edge technology and AI, empowering personal injury lawyers and victims to achieve justice. We're tackling the justice gap head-on, enabling law firms to secure faster settlements, higher payouts, and better outcomes for victims of vehicle collisions, accidents, natural disasters, and more.

Backed by top VCs like Bessemer Venture Partners, Bain Capital Ventures, SignalFire, and Lightspeed, we're one of the fastest-growing vertical SaaS companies ever, and we're just getting started! Join our team of talented, driven, and collaborative individuals and make a lasting impact.

Learn more at www.evenuplaw.com.

The Opportunity: Staff Security Engineer
Our engineering team is rapidly expanding, projected to double in size by the end of 2026. We're seeking a passionate and experienced Staff Security Engineer to lead our security efforts and drive our growth. This is a hands-on role where you'll collaborate cross-functionally, manage security within our infrastructure, and help us determine the best path forward – building vs. buying security solutions.

What You'll Do:
Risk Management: Proactively identify, assess, and mitigate security risks through comprehensive strategies.
Code and Network Security: Champion secure coding practices and implement robust measures to prevent unauthorized access and data breaches.
Incident Response: Develop and execute incident response plans, conduct thorough forensic analysis, and implement preventative measures.
Compliance and Ethics: Ensure EvenUp systems adhere to regulations and industry standards, addressing ethical considerations and promoting transparency.
Continuous Monitoring: Establish and maintain real-time monitoring systems to detect and respond to security threats, and conduct regular assessments.
Vendor and Third-Party Security: Rigorously assess and secure third-party components integrated into our systems to prevent vulnerabilities.
Security Training: Develop and deliver security training programs to enhance the team's security awareness and foster a security-conscious culture.
Documentation and Reporting: Maintain detailed documentation of security protocols, incidents, and improvements, and communicate regular reports to stakeholders.

What We're Looking For:
10+ years of hands-on implementation experience in a security-focused role, with a strong emphasis on secure technical architecture, implementation, and oversight in a team setting (e.g., conducting solution security reviews).
Proven expertise in SAST/DAST, application security, and CI/CD pipeline integration.
Deep understanding of AI-specific threats: prompt injection, model poisoning, membership inference, adversarial perturbation, and output manipulation.
In-depth knowledge of, and implementation experience with, information security principles, policy enforcement, operating systems, and web application security, plus high-level familiarity with uses of malicious code, the OWASP Top 10, and common hacking techniques.
Experience designing and implementing next-generation security technologies such as SASE, CASB, or RASP.
Hands-on experience with application patch management, software supply chain security, or artifact repositories like JFrog and Snyk.
Strong fluency in at least one programming or scripting language: Python, Ruby, or Node.js.
Cybersecurity certification (e.g., CISSP, CISM, CISA, CRISC, GIAC or other relevant certification).
Up-to-date knowledge and regular monitoring of the evolution of technologies and vulnerabilities to identify the solutions and measures necessary to secure cloud computing applications and ecosystems.
Hands-on and in-depth experience with application and infrastructure-level design security, including modern mitigation techniques and good practices (e.g., DNSSEC, OWASP Top 10 mitigations, cryptographic fundamentals, etc.).
Strong hands-on skills with creating automations using Python.

Nice to Haves:
Fluency with at least one infrastructure-as-code or configuration management language.
Experience in the design and implementation of security controls.
Hands-on experience with GCP security architectures.
Experience with the implementation of security compliance standards SOC2, HIPAA, and CCPA.
Experience with design and enforcement of security best practices for development.
Experience with planning and execution of security web and infrastructure pen testing.
Experience with DLP (data loss prevention).
Experience with Kubernetes.
Experience with risk modeling for AI/ML data protection.

Notice to Candidates:
EvenUp is aware of fraudulent job postings and unaffiliated third parties posing as our recruiting team. We only post open roles on our career page (evenuplaw.com/careers) or reputable job boards like our official LinkedIn or Indeed pages. All official EvenUp recruitment emails will come from the domains @evenuplaw.com, @evenup.ai, @ext-evenuplaw.com, [email protected] or no‑[email protected] email addresses.

To ensure fairness and proper consideration, we do not accept resumes or expressions of interest via email or social media messages. Please submit your application directly through our careers page.

If you receive communication from someone you believe is impersonating EvenUp, please report it to us at [email protected]. Examples of fraudulent domains include “careers-evenuplaw.com” and “careers-evenuplaws.com”.

Benefits & Perks:
We offer an attractive total rewards package, including:
Choice of medical, dental, and vision insurance plans for you and your family
Additional insurance coverage options for life, accident, or critical illness
Flexible paid time off, sick leave, short-term and long-term disability
10 US observed holidays, and Canadian statutory holidays by province
A home office stipend
401(k) for US-based employees and RRSP for Canada-based employees
Paid parental leave
A local in-person meet-up program
Hubs in San Francisco and Toronto

Please note the above benefits & perks are for full-time employees.

EvenUp is an equal opportunity employer. We are committed to diversity and inclusion in our company. We do not discriminate based on race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.