Benepass

Lead Security Engineer

Benepass$190K — $230K *
US-AnywhereRemote in United States
Information Technology
5 - 7 years of experience
Job Overview by Ladders

Qualifications

  • 7+ years in security engineering or related roles, ideally in a high-growth tech company.
  • Proven leadership in security engineering initiatives and technical influence across teams.
  • Strong understanding of secure SDLC practices and application security methodologies.
  • Hands-on experience with AWS security patterns and related services.
  • Familiar with frameworks like NIST CSF 2.0 and OWASP SAMM for security program maturity.
  • Clear communicator with effective teaching and guidance skills for technical teams.
  • Experience with CI/CD security practices and supply chain security.

Responsibilities

  • Build and scale security engineering practices for the benefits platform.
  • Operationalize security across application, cloud, and supply chain domains.
  • Partner with various teams to integrate security into development and operational workflows.
  • Conduct design reviews and automation for secure deployment processes.
  • Develop clear guidance and guardrails to enhance security without hindering progress.
  • Establish metrics and frameworks to assess and improve security maturity.
  • Engage in direct risk management to align security with business needs and engineering velocity.

Benefits

  • 95% coverage of medical, dental, and vision.
  • $250 one-time work-from-home setup allowance.
  • $500 per year for learning and development.
  • $150 per month for cell phone and internet expenses.
  • $100 per month wellness benefit.
  • $100 per month for co-working and commuter support.
  • Flexible PTO and several team on-site events annually.
Full Job Description
Team & Role

As a Lead Security Engineer at Benepass, you will build, operationalize, and scale the security engineering practices that protect our benefits platform and the sensitive employee, benefits, and financial data it processes. You will work across application security, cloud security, security architecture, supply chain security, detection engineering, and vulnerability management, balancing security depth with the speed and pragmatism required at Benepass.

Reporting to the Head of Infosec & GRC, you will be a senior individual contributor and technical lead with broad influence across Engineering, Product, Platform, and Compliance. You will partner deeply with the teams building our web and mobile applications, backend services, system integrations, card and banking workflows, infrastructure as code, and data platforms to turn risk reduction into scalable guardrails, automated controls, and clear engineering guidance.

You are a builder and security partner at heart - someone who can set direction and mature security capabilities. You know when to introduce strong standards, when to ship incremental improvements, and how to make secure paths the easiest paths for engineers without turning security into a centralized approval queue.

Role Location & Travel

This remote role is based in the United States or Canada. You will be expected to attend company-wide on-site events three to four times per year, as well as occasional on-site office travel as necessary.

About You
  • Security Engineering Technical Lead: You have operated as a senior IC or technical lead for security engineering work, setting strategy while staying hands-on with design reviews, code, automation, tooling, and operational follow-through.
  • Application Security Builder: Deep experience with secure SDLC practices, shift-left security, threat modeling, API security, SAST/code scanning, CI/CD security integrations, security QA, vulnerability management, and developer-friendly security UX.
  • Cloud Security Partner: Comfortable partnering with Platform Engineering on IAM, KMS, CloudTrail, GuardDuty, Security Hub, VPC and network segmentation, WAF, Secrets Manager, RDS, S3, infrastructure-as-code security, container security, and continuous cloud posture management.
  • Security Architecture Partner: Able to reason about access control, encryption standards, certificate management, vaulting, key management, HSM/KMS-backed cryptography, secure system builds, DDoS/WAF/network design, and detection engineering in a modern SaaS environment.
  • Supply Chain Security Owner: Experienced improving dependency management, SBOM generation, artifact signing, secret scanning, third-party risk input, CI/CD hardening, and the security of build and release pipelines.
  • Program Builder: Familiar with NIST CSF 2.0 as a practical maturity framework and able to use OWASP SAMM to shape application security and engineering maturity.
  • Developer Enablement Mindset: You treat security as an engineering enablement function, building scalable guardrails, paved roads, documentation, training, security champions, and feedback loops that help teams move faster with less risk.
  • AI Security Pragmatist: You can help define secure AI tooling usage, LLM and code-assistant governance, and data protection practices for AI-enabled development workflows without blocking useful experimentation.
  • Pragmatic Risk Manager: You can balance ideal security outcomes with engineering velocity and business priorities, making clear tradeoffs and prioritizing the risks that matter most for a growing startup.
Requirements
  • Experience: 7+ years in security engineering, application security, cloud security, product security, platform security, or closely related technical security roles, ideally in a high-growth SaaS or technology company.
  • Technical Leadership: Proven ability to lead broad security engineering initiatives as a senior IC, influence cross-functional technical decisions, and move work from strategy to production implementation.
  • Application Security: Strong working knowledge of secure SDLC practices, secure design review, threat modeling, API security, code scanning, SAST, CI/CD security integrations, security testing, defect management, and vulnerability remediation workflows.
  • AWS Security: Hands-on experience with AWS-native security patterns and services, including IAM, KMS, CloudTrail, GuardDuty, Security Hub, VPC segmentation, WAF, Secrets Manager, S3/RDS encryption, infrastructure-as-code security, container orchestration security, and cloud posture management.
  • Architecture & Cryptography: Ability to guide secure system builds involving access control, encryption standards, key and certificate management, vaulting, secrets management, and managed HSM/KMS-backed cryptographic services.
  • Supply Chain & CI/CD Security: Experience hardening build, test, and deployment workflows through dependency scanning, SBOMs, artifact signing, secret scanning, CI/CD guardrails, least-privilege automation, and container security controls.
  • Security Program Maturity: Ability to use frameworks such as NIST CSF 2.0 and OWASP SAMM pragmatically to assess current state, sequence improvements, define metrics, and mature security practices iteratively.
  • Communication & Education: Clear communicator who can partner with engineering, product, platform, compliance, and business teams; write practical guidance; teach developers; and create durable security champions programs.
  • Execution Discipline: Strong judgment in prioritizing technical risk reduction, managing ambiguity, documenting decisions, and building lightweight processes that scale with the company.
Desirables
  • Experience securing fintech, benefits, payroll, payments, or other regulated SaaS platforms that process PII, financial data, HRIS data, transaction data, or customer administrative workflows.
  • Familiarity with SOC 2, HITRUST, PCI, or similar compliance and audit programs, with the ability to support evidence and control design while staying focused on technical risk reduction.
  • Experience with AWS serverless and managed-service architectures, including API Gateway, Cognito, Lambda, ECS/EKS, RDS, S3, Transfer Family, CloudFront, and event-driven security monitoring patterns.
  • Background with mobile application security for iOS and Android, including secure token handling, platform keychain/keystore patterns, OTA update risk, and mobile API abuse prevention.
  • Experience with detection-as-code, SIEM/SOAR workflows, security data pipelines, incident response automation, or measurable improvements to alert quality and response readiness.
  • Hands-on experience with Terraform, CloudFormation, CDK, policy-as-code, CSPM/CWPP tools, container image scanning, runtime security, or Kubernetes/ECS hardening.
  • Experience designing developer education, secure coding workshops, security champions programs, or other scalable practices that improve security outcomes without slowing delivery.
  • Experience defining practical governance for LLMs, AI coding assistants, prompt/data handling, model/tool approval, and sensitive data protection in AI-enabled software development workflows.
Compensation

$190,000-230,000 + Equity

Range(s) is subject to change. Benepass takes a number of factors into account when determining individual starting pay, including market comparables, interview performance, peer compensation, and years of experience.

What We Offer
  • 95% coverage of medical, dental, and vision
  • Fantastic benefits (of course ), including:
    • $250 WFH setup (one time)
    • $500/year Learning & Development Benefit
    • $150/month cell phone + internet
    • $100/month Wellness
    • $100/month Co-working and Commuter Benefit
  • We offer several team onsites a year
  • Flexible PTO

About Benepass

Benepass is a San Francisco-based company that provides a platform for employers to offer customizable employee benefits packages. The company's platform allows employers to offer a range of benefits, including health insurance, retirement plans, and wellness programs, all in one place. Benepass aims to simplify the process of offering employee benefits, making it easier for employers to attract and retain top talent. The company was founded in 2018 by Veer Gidwaney and Prasad Thammineni.
Learn more about Benepass
Size
10 employees
Industry
Founded
2018

Similar Jobs

More Jobs at Benepass

More Information Technology Jobs

Find similar Lead Security Engineer jobs: