[Hiring] Senior Software Security Engineer @Kentik

Role Description

The Senior Software Security Engineer is a key technical leader within our growing Security organization, responsible for owning and evolving the technical strategy and execution of Kentik’s application and software security programs. This role plays a critical part in shaping the company’s overall security posture and enabling the engineering organization to ship secure software at scale.

As part of a small, dynamic team, the Senior Software Security Engineer acts as a Builder–Defender. They don’t just identify vulnerabilities and respond to threats — they design and build preventative controls, internal tools, and frameworks that embed security directly into our development processes. Operating at the intersection of Application Security and Software Engineering, this role ensures security is a first-class citizen throughout the SDLC while balancing risk, velocity, and developer experience.

What you'll do

• Secure SDLC: Continuously evolve Kentik’s secure SDLC strategy, defining security and privacy standards from design through deployment in partnership with key stakeholders. Design and implement automated security guardrails in CI/CD pipelines to detect vulnerabilities, dependency risks, and misconfigurations in real time, enabling teams to move fast without sacrificing security.
• Vulnerability Management: Lead the analysis and resolution of complex, high-risk, or systemic vulnerabilities, partnering with engineers to design durable fixes and reusable security patterns. This also includes tooling selection, prioritization frameworks, remediation workflows, and developer guidance.
• Threat Detection & Response: Lead threat management automation capabilities by designing automated detections, response playbooks, and escalation paths. Be part of security operations by responding to security alerts/incidents and continuously improving response effectiveness through automation and post-incident learnings. Manage and evolve bug bounty and penetration testing programs in partnership with internal and external stakeholders.
• Internal Tooling & Framework: Design, build, and maintain internal security tools, platforms, and frameworks used broadly across the engineering organization. Focus on scalability, reliability, and developer experience while delivering capabilities such as automated scanning, validation, and security reporting and dashboards.
• Security Guidance and Enablement: Act as a trusted security advisor to engineering and product teams, providing practical guidance during design reviews, architectural discussions, and roadmap planning. Drive security adoption through collaboration rather than gatekeeping, helping teams make informed risk-based decisions.
• Training & Culture: Drive security and privacy awareness across the organization by delivering role-specific training, secure design guidance, and ongoing education. Help foster a culture where security is a shared responsibility embedded into everyday engineering practices.

Qualifications

• 5+ years of experience in Software Engineering and/or Security Engineering, with demonstrated senior-level impact across multiple systems or teams.
• Strong proficiency in at least one modern programming language (e.g., Python, Go, or Node.js), with an emphasis on building maintainable, production-quality systems and tooling.
• Deep understanding of common application security vulnerabilities (e.g., OWASP Top 10), including root causes, exploitability, and real-world risk, and the ability to communicate these effectively to engineers.
• Strong experience with Linux, containers/Kubernetes, and infrastructure as code in at least one major public cloud provider (AWS, GCP, or Azure).
• Experience leading threat detection and response efforts, including automation of detections and response playbooks.
• Proven ability to work cross-functionally with engineering, product, and other stakeholders, influencing outcomes through collaboration and technical leadership.

Nice to haves

• Experience defining and tracking security metrics and building dashboards to measure program effectiveness.
• Experience working in a remote environment.
• Experience working in a pre-IPO startup environment.

Our tech stack

• Our core data engine and platform are primarily written in Go.
• We use Node.js + Express for application serving, and React as our primary UI framework.
• We also use some JS and Python for tooling/scripting.
• In addition to our own database, we use Postgres, Kafka, Mysql, and Redis.
• Internal and public APIs expose both rest/json and gRPC endpoints.
• Haproxy, Envoy for API traffic routing and balancing.
• Github for source control, PRs, issues.
• Jenkins for automated builds.

Benefits

• Kentik is a fully remote company that operates globally.
• Competitive salary and amazing benefits.
• Compensation range for this position is €75,000 – €100,000.
• The actual compensation offered may vary based on experience, competencies, and geographic market.

Company Description

Kentik is the network intelligence platform for modern infrastructure teams. Unlike traditional monitoring and observability tools, we demystify complex network operations, enabling organizations to deliver applications and innovation at scale. Built by network experts to make critical insight accessible to every engineer, Kentik is the real-time source of truth that understands every network in context — from data center to cloud to the internet. This single platform unifies and correlates cloud, device, flow, and synthetic data to turn telemetry into action.