At Scribd (pronounced “scribbed”), our mission is to spark human curiosity. Join our team as we create a world of stories and knowledge, democratize the exchange of ideas and information, and empower collective expertise through our three products: Everand, Scribd, and Slideshare.
We support a culture where our employees can be real and be bold; where we debate and commit as we embrace plot twists; and where every employee is empowered to take action as we prioritize the customer.
Our flexible work benefit – Scribd Flex – enables employees, in partnership with their manager, to choose the daily work-style that best suits their individual needs. As an organization, we prioritize collaboration and intentional in-person moments to build culture and connection. For this reason, occasional in-person attendance is required for all Scribd employees, regardless of their location.
About the team and role:
Our Infrastructure Security team is responsible for ensuring the security of both our applications and our cloud infrastructure. We take a proactive “shift-left” approach, integrating security measures throughout the software development lifecycle – from the earliest stages of coding to production deployment. We collaborate closely with software engineers, infrastructure platform teams, product teams, and leadership to proactively identify and address vulnerabilities, manage security tooling, and foster a culture of secure coding.
As a Senior Security Engineer, you will be integral to our security strategy. You’ll work with a variety of security tools to protect our systems and data, and you’ll design automation and tooling to streamline security operations. This role is a fit for someone with a passion for security and a solid background in software engineering.
You will:
- Configure, maintain, and integrate security tooling (SCA, SAST, bug bounty platforms) into our SDLC.
- Analyze security tool findings, prioritize risks, identify systemic issues, and collaborate with teams to remediate them.
- Participate in threat modeling and secure design to minimize attack surface and risks, helping developers ship more securely and fostering a strong security culture.
- Stay current with security trends, tracking emerging threats and advances in security technology, and recommend new tools or processes to continually improve our security posture.
- Perform incident response for potential and confirmed security breaches.
- Develop automated solutions for repetitive security-related tasks and foundational guardrails to ensure security compliance.
- Provide subject matter expertise in Information, Cloud, and Application Security to other engineering teams.
- Conduct “Red Team”-style assessments, including network analysis, web application vulnerability assessments, and manual validation of security controls.
You have:
- 3+ years of experience in a security engineering role or an equivalent blend of software and security engineering experience.
- Proven ability to take ownership of high-impact projects, working cross-functionally with product, design, and engineering teams to deliver results on time.
- Ability to define security plans and goals, influence roadmaps, and effectively communicate security concepts to engineers, leadership, and executives, ensuring alignment and driving adoption of security best practices.
- A deep understanding of securing web applications.
- Proficiency in at least one backend language (preferably Ruby, Python, or Go) and familiarity with a frontend stack (preferably React).
- Familiarity with security frameworks (e.g., NIST SSDF) and regulations (e.g., GDPR, PCI).
- Experience with Infrastructure-as-Code technologies like Terraform or CloudFormation.
- Experience with SIEM technologies such as Splunk or Elasticsearch.
- Experience performing manual secure code reviews.