Lead Security Engineer

Company Description Swiftly is on a mission to help cities move more efficiently. We are the leading transit data platform for agencies to share real-time passenger information, manage day-to-day operations, and improve service performance. Today, over 180 transit agencies in 12 countries – including LA Metro, MARTA, SEPTA, and MBTA – rely on Swiftly to improve on-time performance by up to 40% and increase passenger information accuracy by up to 50%. The result is better service reliability, increased ridership, and more efficient transit operations. Even though Swiftly's HQ office is located in San Francisco, CA, we are open to candidates in most locations across the U.S. as well as Ontario and British Columbia, Canada. At this time we are unable to provide Visa sponsorship. Engineering at Swiftly Engineering at Swiftly is not only about writing code – we believe in creating empowered product teams that work together to conceptualize new features and bring them to life. Each team aims to strike a balance between delivering incremental improvements, creating prototypes to test new ideas and mitigate risks, and building scalable software using industry best practices. We’re guided by a mission to positively impact transit riders, and we embrace humility and intentionality in how we make technical decisions so that we best meet our customers’ needs. About the Role We're looking for a Lead Security Engineer to join our Platform team and mature Swiftly's security posture. We believe excellent security isn't just about tools and controls; it's about empowering product, infrastructure, and corporate IT teams across our organization to make secure decisions every day.In this role, you'll partner closely with engineering, product, and go-to-market teams to design secure solutions, build DevSecOps tooling, and drive our compliance roadmap. You'll balance strategic initiatives with hands-on work in our cloud-native environment.We're looking for someone equally comfortable working on codebases and leading cross-functional initiatives, a force multiplier who can train teams, represent security to customers and executives, and make security a natural part of how Swiftly ships products. What You'll Do Make Swiftly Secure - Own Swiftly's security risk register and threat models; identify, prioritize, and drive remediation of risks across application and infrastructure. - Design secure architectures for our SaaS platform, mobile applications, and IOT/Hardware Integration, focusing on authentication, authorization, data protection, and network boundaries - Recommend, implement, and manage security tools end-to-end - Build DevSecOps guardrails into CI/CD so vulnerabilities, misconfigurations, and license issues surface early - Conduct internal security assessments and coordinate engagements with external penetration testers. - Own security policies and standards; ensure they're practical, adopted, and measurable - Define standards for secure adoption of AI coding assistants, building reusable patterns, custom configurations, and guardrails that help developers move fast safely Compliance & Customer Trust - Lead renewals and continuous readiness for existing certifications like SOC 2 - Proactively identify security frameworks required for international expansion; scope cost, level of effort, and timelines to inform market entry decisions; and lead execution of new certifications - Respond to customer security and compliance inquiries and support product marketing with security content Incident Response & Detection - Design and maintain security incident response plans, playbooks, and escalation paths - Serve as an escalation point for security incidents; lead triage, root cause analysis, and remediation Security Leadership - Define and maintain security KPIs and dashboards for executive and board reporting - Give teams visibility into their security posture and coach them to improve - Influence roadmap prioritization to ensure security and compliance are first-class concerns - Mentor engineers in secure design and help grow a security-aware culture across Swiftly by delivering security training and office hours for developers and other stakeholders - Drive corporate IT security strategy, including endpoint hardening, email security, IAM standards, and periodic access reviews What will set you up for success

5+ years of experience in security engineering with both strategic and hands-on work

Strong experience securing cloud-native environments (AWS preferred), including IAM, networking, logging/monitoring, and secrets management

Hands-on experience with infrastructure-as-code (Terraform) and policy-as-code frameworks (OPA, Sentinel, or similar)

Background building security into CI/CD pipelines and development workflows

Familiarity with container and orchestration security

Excellent threat modeling and risk assessment skills; able to translate complex risks into clear options and tradeoffs

Experience with compliance frameworks (SOC 2 preferred) and audit processes

Strong communication skills; comfortable working across technical and non-technical teams

Self-directed and comfortable operating with autonomy

Nice to Haves

Relevant certifications (CISSP, cloud security certifications)

Experience advising on security for AI/ML or LLM-powered features

Mobile application security experience (Android preferred)

Experience with GRC and compliance platforms

Background in application security or penetration testing

Experience with international compliance frameworks

Familiarity with regulated industries or public sector requirements

Experience with physical device security (IoT, embedded systems, or field-deployed hardware)

Experience with Mobile Device Management (MDM) solutions for enterprise or fleet deployments