Security Engineer
| Company | Patreon |
|---|---|
| Location | San Francisco, CA, USA, Remote in USA, New York, NY, USA |
| Salary | $160700 – $241500 |
| Type | Full-Time |
| Degrees | Bachelor’s |
| Experience Level | Mid Level, Senior |
Requirements
- Minimum of 4 years of combined experience in Security Engineering, GRC, or related roles in an enterprise or cloud-native environment.
- Bachelor’s degree in Computer Science, Information Security, or related field (or 6+ years of relevant experience in lieu of degree).
- Strong foundation in one or more programming/scripting languages (e.g., Python) for automation and tooling.
- Hands-on experience implementing and managing security controls (SIEM, SOAR, EDR, IDS/IPS, IAM).
- Demonstrated ability to evaluate and secure cloud infrastructure using IaC tools (e.g., Terraform, CloudFormation).
- Proficiency in threat detection, incident response, and investigation methodologies (familiarity with MITRE ATT&CK).
- Working knowledge of key security standards and regulations (e.g., NIST CSF, ISO 27001, HIPAA, PCI-DSS, GDPR).
- Experience executing audits, risk assessments, and managing compliance programs; familiarity with GRC platforms preferred.
- Ability to develop meaningful security metrics and translate technical details into business-impact language.
Responsibilities
- Architect and deploy tools and processes that strengthen our infrastructure and corporate security posture in cloud-native (AWS), containerized (Kubernetes/Docker), and on-prem environments.
- Engineer and maintain controls across multiple security domains (e.g., Endpoint Detection and Response, Cloud Detection and Response, CI/CD, SIEM, IAM, PKI, etc.).
- Develop and refine security detection rules, playbooks, and workflows to respond to threats in real time.
- Build integrations and automated pipelines leveraging DevOps/SecOps tools (e.g., Python scripting, APIs, webhooks) to accelerate investigation and remediation.
- Triage and investigate security alerts and incidents, leading cross-functional coordination when required.
- Drive the continuous improvement of incident response processes and technologies used for detection and containment.
- Lead risk management efforts by conducting risk assessments, third-party vendor reviews, and compliance checks against frameworks (e.g., ISO, NIST, PCI, HIPAA).
- Develop and maintain security metrics (KRI/KPI/OKR) to communicate program effectiveness and inform strategic decisions.
- Contribute to audits, assessments, and certification processes; maintain and optimize GRC tooling to manage evidence gathering and continuous monitoring.
- Draft and evolve security policies, standards, and documentation in alignment with regulatory requirements and industry best practices.
- Partner with Product, Engineering, Legal, and other business teams to embed security requirements into new and existing features.
- Provide threat modeling and security architecture guidance to software development teams to ensure secure design from the ground up.
- Participate in proactive threat hunting and vulnerability management programs to reduce risk exposure.
- Remain current on industry trends, emerging threats, and new security technologies.
- Act as an internal champion for security awareness, training, and best practices across the organization.
Preferred Qualifications
- Familiarity with GRC platforms.