Senior Staff Engineer - Product Security

About this role:

Faire operates at serious scale — a global marketplace handling real money movement, sensitive business data, and the financial futures of hundreds of thousands of independent retailers and brands. Security here isn't a compliance checkbox. It's a core part of how we build, and how we grow.

We've built solid security foundations. Now we're looking for someone to take them to the next level — designing the architecture and automation that lets product engineers build securely by default, without friction. If you're energized by the challenge of making security invisible to developers while making it impossible to skip, this role was written for you.

Our Engineering organization owns the software that makes our marketplace work. Our Product Security team enables product engineering teams to develop and deploy secure software that makes that happen. We care about good engineering practice and love to write software that is secure, tested, easy to maintain, and can scale to millions of users. We build scalable, reusable frameworks; consult with product teams; listen to the data; and iterate.

As a Senior Staff Software Engineer, Product Security, you'll be the technical lead for the Product Security domain — owning the long-term direction for how security is designed, built, and automated across Faire's entire application stack. You will partner closely with Platform and Product Engineering teams to identify and mitigate security risks, lead major security initiatives, and mentor engineers across the company to raise the bar on secure engineering practices.

You will also drive cross-functional programs to ensure security is deeply integrated into our architecture, pipelines, and developer experience — reducing risk while maintaining velocity.

Why now:

Faire has spent the last few years scaling fast — expanding globally, growing to hundreds of thousands of retailers and brands, and building the infrastructure to match. Security has kept pace, but we've reached an inflection point. The foundations are in place. What's next requires a different kind of thinking: less reactive, more architectural. Less manual review, more automation baked into every pipeline and framework from day one.

At the same time, this is a role with room to grow. We're hiring at Senior Staff — a level above what currently exists on the team — because we need someone who can elevate the technical bar across the board and, over time, extend that leadership into infrastructure security as well. The person who takes this seat won't just be joining a team. They'll be defining what the team becomes.

What you'll own:

• Set the long-term technical direction for application security at Faire, establishing scalable, developer-friendly frameworks and principles that enable secure development across all product areas. This role also provides the candidate the opportunity to expand technical leadership scope to infrastructure security.
• Lead the design and implementation of high-impact, reusable frameworks for security use cases such as authentication, authorization, secrets management, and data protection.
• Architect and automate security controls within our development and deployment pipelines — enabling proactive prevention, detection, and remediation of vulnerabilities at scale.
• Partner with senior engineering and platform leaders to influence system design, threat models, and architecture decisions that strengthen Faire's overall security posture.
• Drive strategic cross-functional initiatives, collaborating with Platform, Infrastructure, Risk, and Compliance teams to integrate security deeply into our technical and operational foundations.
• Mentor and guide engineers across the organization, raising the bar for secure software design, technical rigor, and security-first thinking.
• Lead complex investigations and incident response efforts, ensuring rapid, effective remediation and continuous improvement of our security systems.
• Stay ahead of emerging threats and technologies, incorporating modern security practices and automation into Faire's engineering ecosystem.

What you bring:

• Deep expertise in software security architecture and engineering, with a proven ability to design and scale security frameworks across a large, distributed system.
• Strong programming skills and experience in multiple languages (e.g., Kotlin, Python, TypeScript, Java, or Go), with the ability to influence engineering design through code and review.
• A track record of technical leadership — driving company-wide or cross-organizational initiatives that improved security posture, developer experience, or system resilience.
• Experience building and deploying security automation at scale, including CI/CD integrations, vulnerability management pipelines, and automated testing or remediation frameworks.
• Hands-on experience with cloud environments and modern infrastructure (AWS, OCI, GCP), including Kubernetes, Terraform, and container security.
• A deep understanding of application security principles and practices, including authentication, authorization, data protection, and common web application vulnerabilities (OWASP Top 10).
• A strategic mindset — you can balance risk reduction with engineering velocity and developer enablement.
• Excellent communication and collaboration skills, with the ability to influence senior leaders and guide engineering teams across multiple domains.
• A passion for mentoring others and cultivating a security-first engineering culture through partnership, guidance, and empathy.

Technologies we use and teach:

• Kotlin, TypeScript, Python
• AWS, OCI, Terraform, Kubernetes
• HTTP, JSON, and Protocol Buffers
• MySQL, DynamoDB, CockroachDB

Salary range:

San Francisco: The pay range for this role is $268,000 - $368,500 per year.

This role will also be eligible for equity and benefits. Actual base pay will be determined based on permissible factors such as transferable skills, work experience, market demands, and primary work location. The base pay range provided is subject to change and may be modified in the future.