Confido Legal

Senior Software Engineer, Security

Posted Feb 26, 2026

Reports to: CTO

Salary Range: $175,000 – $225,000 starting salary

Location: Fully remote with 2 weeks of onsite meetings per year

Benefits: Open PTO · Fully paid medical, vision, and dental insurance · Stock options

Role Responsibilities

  • Own Confido Legal's security posture end-to-end, from strategy through hands-on execution
  • Serve as the engineering team's point person for security while remaining an active contributor to product development
  • Ensure security is embedded into every stage of the product lifecycle, not layered on after the fact
  • Lead PCI DSS Level 1 and SOC 2 compliance, including building automation and processes that make ongoing compliance sustainable
  • Lead security incident response in collaboration with engineering and executive teams
  • Harden our AWS infrastructure and drive security findings toward a consistently clean state
  • Identify and remediate sensitive data issues, including encryption at rest where appropriate
  • Stay ahead of dependency vulnerabilities and software supply chain risks
  • Partner closely with engineering and product to implement practical security best practices
  • Participate in customer security and diligence conversations and help build trust with security-conscious buyers

Success Metrics

  • PCI DSS Level 1 and SOC 2 certifications are maintained with streamlined, repeatable processes
  • Sensitive data is handled securely and consistently across the platform
  • Critical and high-severity vulnerabilities are rare, not routine
  • Infrastructure and dependency scans return clean results without ongoing fire drills
  • Security is a natural part of engineering discussions and design decisions
  • Customer security reviews feel routine, clear, and confidence-building
  • There is a clear, owned security roadmap aligned with the company's growth

Technology Stack

  • TypeScript — all application code is written in TypeScript
  • React and Next.js — frontend is a mix of older SPAs written in React and newer Next.js apps; actively transitioning all pages to Next.js
  • AWS — all infrastructure deployed on AWS using Pulumi for infrastructure as code
  • Docker & ECS — services containerized with Docker and run on ECS clusters
  • GraphQL — external-facing API is GraphQL
  • CI/CD pipelines — dependency and vulnerability monitoring integrated into deployment workflows
  • Figma — used for UI/UX design; engineers actively participate in this work

Ideal Candidate Qualifications

  • 5+ years of experience as a senior software engineer or security engineer with substantial security ownership
  • Hands-on experience securing production web applications deployed on AWS
  • "Seen this movie before" securing real SaaS systems as they scale
  • Builds systems that are secure by default and practical to operate
  • Comfortable identifying risk, defining tradeoffs, and driving solutions with imperfect information
  • Communicates clearly with engineers, product leaders, and non-technical stakeholders
  • Takes security seriously while understanding perfection is not achievable
  • Values ownership, empathy, and long-term thinking over rigid process

Confido Legal is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity or expression, age, disability status, protected veteran status, or any other characteristic protected by law. This role is US-based. Confido is unable to sponsor a visa at this time.
