Staff Security Engineer

TLDR

Lead security initiatives at EvenUp to safeguard critical infrastructure and customer data while collaborating across teams to build innovative, secure solutions.

EvenUp is on a mission to close the justice gap using technology and AI. We empower personal injury lawyers and victims to get the justice they deserve. Our products enable law firms to secure faster settlements, higher payouts, and better outcomes for victims injured through no fault of their own in vehicle collisions, accidents, natural disasters, and more.

We are one of the fastest-growing vertical SaaS companies in history, and we are just getting started. EvenUp is backed by top VCs, including Bessemer Venture Partners, Bain Capital Ventures, SignalFire, and Lightspeed. We are looking to expand our team with talented, driven, and collaborative individuals who seek to have a lasting impact. Learn more at www.evenuplaw.com.

Location & Work Model

This is a hybrid role, with an expectation of being in our Toronto office three days per week.

About the Team

EvenUp’s infrastructure team is growing rapidly to support the company’s mission of ensuring personal injury victims receive fair compensation. With ambitious goals to double the size of our engineering team by the end of 2026, we are looking for a hands-on Senior Security Engineer to lead and scale our security efforts. You’ll work across functions to design and maintain secure infrastructure, evaluating whether to build or buy solutions as we grow. Your work will be critical in safeguarding our AI-native document generation platform, trusted by attorneys with over $1.5B in damages claimed to date.

As a Staff Security Engineer at EvenUp, you will set security strategy, collaborate with cross-functional partners, and drive major initiatives that secure customer data, our products, and our company’s reputation.

Responsibilities

  • Risk Management: Identify and address security risks through comprehensive assessments, mitigation strategies, and execution.

  • Code and Network Security: Ensure secure coding and implement systems to protect against unauthorized access and data breaches.

  • Incident Response: Develop and execute incident response plans, conduct forensic analysis, and take preventive measures.

  • Compliance and Ethics: Maintain compliance with regulations and industry standards, promote transparency, and address ethical concerns.

  • Continuous Monitoring: Establish real-time monitoring systems, conduct regular assessments, and proactively respond to threats.

  • Vendor & Third-Party Security: Evaluate and secure third-party integrations to prevent vulnerabilities.

  • Security Training: Educate and raise awareness for security best practices across the engineering team.

  • Documentation & Reporting: Maintain up-to-date documentation on protocols, incidents, and improvements; report regularly to stakeholders.

  • Mentorship: Mentor and guide team members to build security expertise across the engineering organization.

What We Look For

  • 8+ years in a security-focused engineering role, with hands-on technical architecture, implementation, and oversight experience

  • Expertise in SAST/DAST, application security, and CI/CD pipeline integration

  • Deep knowledge of AI-specific threats (prompt injection, model poisoning, membership inference, adversarial perturbation, output manipulation)

  • Experience implementing security principles, operating system and web application security, and familiarity with the OWASP Top 10 and common threat tactics

  • Knowledge of next-generation security technologies (SASE, CASB, RASP)

  • Hands-on experience with patch management, software supply chain security, and artifact repositories (e.g., JFrog, Snyk)

  • Strong programming or scripting skills in at least one language (e.g., Python, Ruby, Node.js)

  • Relevant cybersecurity certification (CISSP, CISM, CISA, CRISC, GIAC, etc.)

  • Up-to-date on technology and vulnerability trends; ability to secure cloud computing applications and ecosystems

  • Application/infrastructure-level security design experience, including modern mitigation techniques (e.g., DNS-SEC, cryptographic fundamentals)

  • Strong automation skills with Python

Nice to Have:

  • Infrastructure-as-code or configuration management language fluency

  • Security controls design and implementation experience

  • GCP security architecture exposure

  • Security compliance implementation (SOC2, HIPAA, CCPA)

  • Penetration testing (web and infrastructure)

  • Data loss prevention (DLP)

  • Experience with Kubernetes

Notice to Candidates:

EvenUp has been made aware of fraudulent job postings and unaffiliated third parties posing as our recruiting team – please know that we have no affiliation or connection to these situations. We only post open roles on our career page (evenuplaw.com/careers) or reputable job boards like our official LinkedIn or Indeed pages, and all official EvenUp recruitment emails will come from the domains @evenuplaw.com, @evenup.ai, @ext-evenuplaw.com, [email protected] or no‑[email protected] email addresses.

To ensure fairness and proper consideration, we do not accept resumes or expressions of interest via email or social media messages. If you’re interested in a role, please submit your application directly through our careers page.

If you receive communication from someone you believe is impersonating EvenUp, please report it to us at [email protected]. Examples of fraudulent domains include “careers-evenuplaw.com” and “careers-evenuplaws.com”.

Benefits & Perks:

As part of our total rewards package, we offer attractive benefits and perks to our employees, including:

  • Choice of medical, dental, and vision insurance plans for you and your family

  • Additional insurance coverage options for life, accident, or critical illness

  • Flexible paid time off, sick leave, short-term and long-term disability

  • 10 US observed holidays, and Canadian statutory holidays by province

  • A home office stipend

  • 401(k) for US-based employees and RRSP for Canada-based employees

  • Paid parental leave

  • A local in-person meet-up program

  • Hubs in San Francisco and Toronto

Please note that the above benefits & perks are for full-time employees.

EvenUp is an equal opportunity employer. We are committed to diversity and inclusion in our company. We do not discriminate based on race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.

EvenUp builds technology and AI-driven tools designed to empower personal injury lawyers and their clients. Our platform focuses on streamlining the settlement process, helping both attorneys and victims achieve justice more efficiently and effectively. By closing the justice gap, we aim to enhance the outcomes for individuals navigating the legal system.

Salary
CAD $181,011 – CAD $274,246 per year