About the Role
As Pipedream's first dedicated Security Engineer, you will own platform security end-to-end — tooling, process, threat modeling, and audits — while working hands-on in the codebase to find and fix vulnerabilities yourself. This is a deeply technical individual contributor role with broad scope. You will build a security function from scratch at a platform serving thousands of developers.
In this role, you will be responsible for:
Finding and patching vulnerabilities directly in code and dependencies. Pipedream runs a polyglot stack — TypeScript, Rust, Kotlin, Ruby, and more — so you will read and fix code across all of it.
Building and maintaining the platform's threat model, and partnering with Product and Engineering to ship new features securely without slowing them down.
Securing cloud infrastructure (AWS, GCP) and the third-party vendor surface (Redis, Datadog, and others).
Leading incide...