Founding Security Engineer

Promise

Full-time On-site
Oakland
$180,000 - $240,000
Security Engineer

Job Description

Founding Security Engineer

Are you a seasoned security professional ready to define and build the security posture for a rapidly growing, mission-driven tech company? Promise is transforming how government agencies and utilities support vulnerable communities, and we're seeking our very first dedicated **Founding Security Engineer** to spearhead our security initiatives from the ground up. This is a unique opportunity to set strategic direction, implement critical safeguards, and ship concrete improvements across our entire security surface area.

## About Promise

Promise is at the forefront of modernizing public systems, making it simpler for residents to access benefits, engage with assistance programs, set up flexible payment plans, and stay on track. We empower agencies to increase efficiency, recover revenue, and deliver services with dignity. Our mission is to transform these systems so they work better for everyone, especially the most vulnerable.

We're backed by over $50 million in funding from top-tier investors like Reid Hoffman, Howard Schultz, Michael Seibel, and Y Combinator. Our innovation has been recognized by Fast Company as one of the "World's Most Innovative Companies of 2022," Forbes as a "Next Billion-Dollar Startup 2024," and Y Combinator as the #1 GovTech startup.

Our team comprises experts from leading companies such as Palantir, Google, and Stripe, united by a deep belief in our mission. We're building innovative, resilient technology that makes a real difference, and we're looking for exceptional individuals to join us.

## The Opportunity: Founding Security Engineer

As our Founding Security Engineer, you'll be the foundational security generalist, bridging strategy with hands-on implementation. Our security philosophy centers on enabling Promise and its clients, ensuring a high standard of security through collaborative problem-solving. You will have the autonomy and responsibility to shape our security landscape, working closely with engineering teams to embed security into every facet of our operations.

## What You'll Do

  • **Detection & Response:** Design, build, and operate robust detection capabilities: craft and tune Python-based rules, respond to their detections, identify anomalous activity, and improve signal-to-noise.
  • **Cloud & Infrastructure Security:** Partner directly with our Infrastructure team to fortify our GCP cloud environment, enhance cloud networking security, and significantly improve Kubernetes security posture.
  • **Application Security:** Drive pragmatic upgrades and strengthen application security across our stack, including securing Next.js applications and managing dependencies.
  • **Security Automation:** Improve our overall security posture through innovative code and automation, implementing guardrails, security checks, and automated remediation workflows.
  • **Vulnerability Management:** Own the end-to-end vulnerability management lifecycle, from identification and prioritization to driving fixes to closure in close coordination with code owners.
  • **Security Culture & Awareness:** Cultivate a strong security-first culture by providing clear guidance, delivering effective training, and fostering strong partnerships with engineering teams.
  • **AI Security Leadership:** Develop essential technical and policy frameworks to guide the secure and ambitious adoption of AI technologies across the company.
  • **Secure Product Design:** Collaborate proactively with engineering on secure product design, architecture, and technical implementation from conception to deployment.

## What You Bring

  • **Experience:** 5–8 years of professional experience, with a significant portion focused specifically on security engineering.
  • **Cloud Security Expertise:** Strong understanding of cloud security principles and networking, with a preference for GCP experience.
  • **Coding Proficiency:** Comfortable reading and writing code, with strong Python scripting skills highly preferred for automation and tooling.
  • **Security Tooling:** Hands-on experience operating a variety of security tools, including endpoint/EDR solutions, MDM, audit logging/alerting systems, and CSPM platforms.
  • **DevSecOps Fundamentals:** Familiarity with GitHub, Terraform, and CI/CD security best practices.
  • **Enabling Mindset:** A strong desire to enable innovation and accelerate development while maintaining robust security.

## Bonus Points

  • Experience with Web Application Firewalls (WAFs) and advanced web application security controls.
  • Proven threat modeling experience.
  • Deep expertise in Kubernetes hardening and runtime security.

---

Promise is an equal opportunity employer and does not discriminate against any applicant or employee because of race, color, religion, sex, sexual orientation, gender identity, national origin, disability, genetic information, age, or military or veteran status. Additionally, the Company complies with applicable state and local laws governing non-discrimination in employment in every jurisdiction in which it operates. Promise is committed to promoting diversity and inclusion in the workplace. We also provide reasonable accommodations to qualified individuals with disabilities, pregnant individuals, and those with sincerely held religious beliefs, in accordance with applicable laws.

Promise engages in US government contracts and restricts hiring to US persons, which includes US citizens and permanent residents (e.g., Green Card holders). Additionally, candidates must reside in the US.