Security Engineer

Remote - North America or Europe

At EngFlow, we help developers save time by accelerating software builds and tests. Our cloud-based, distributed service optimizes workflows through remote execution and caching, improving efficiency, developer productivity, and product quality.

Backed by top investors, EngFlow is redefining how companies build and ship well-tested software. Our solutions speed up builds by a factor of 10 or more, while our observability platform provides actionable insights for optimization. Founded by key contributors to Bazel, we build tools that empower engineering teams—from startups to Fortune 500 companies—to enhance developer velocity and improve build performance.

Learn more about our mission, culture, and team: EngFlow | Video

As a Security Engineer, you will report to the Head of Product Engineering, with a dotted line to the CTO. You will work closely with business and technical teams to ensure our systems remain secure, meet SOC 2 compliance, and address security concerns from prospects and customers. You thrive in a fast-paced environment, proactively tackling challenges and ensuring security remains a top priority as we scale.

Key Responsibilities

• Define and enforce security best practices across EngFlow’s infrastructure.
• Manage security audits, including SOC 2 / FedRAMP compliance.
• Oversee penetration testing with external vendors.
• Implement and maintain intrusion detection, vulnerability management, and cloud security controls.
• Collaborate with engineering teams to enhance supply chain security.
• Own and update the Information Security Management System (ISMS) and related documentation.
• Address security reviews, questionnaires, and compliance inquiries from customers.
• Participate in an on-call rotation to support escalated security issues.

Requirements

• Strong analytical skills and passion for security optimization.

• Advanced knowledge of supply chain security and cloud security.

• Experience managing SOC 2 / FedRAMP audits and penetration tests.

• Expertise in intrusion detection, vulnerability tracking, and management.

• Familiarity with at least one build system (Bazel, CMake, Maven, Gradle, Nix, Buck, etc.).

• Experience in DevOps, DevInfra, Linux, and Unix shell.

• Hands-on experience with at least one cloud provider (AWS, Azure, GCP, OpenShift, Oracle Cloud). Terraform experience is a plus.

Benefits

We offer comprehensive medical, dental, vision benefits, 401k bonus, parental leave and generous vacation. The team is fully remote but we enjoy meeting together several times a year at exciting destinations throughout the world. We value getting the work done and having fun while doing it, and have done numerous fun team events such as chocolate, whisky and tea tastings, monthly team games, escape the room among other fun events.