Security Engineering @ ClayWe're building a modern security organization from the ground up. We're hiring
senior or staff-level security engineers who are strong software engineers first, with deep expertise in either
Cloud Security or Application Security and working knowledge across both.
This is a hands-on role. You'll spend significant time writing production code-security tooling, detection systems, remediation pipelines, and frameworks that make secure defaults the easiest path. You'll also help define how we leverage modern automation, including frontier AI models (e.g. Mythos), to scale security operations: autonomously discovering vulnerabilities, reviewing AI-generated code, and building detection systems that understand context and intent.
What You'll Do- Build security primitives, tooling, and automation that scale with the product and engineering org
- Define and implement our strategy for modern security workflows: AI-assisted vulnerability discovery, automated code review, threat detection, and remediation
- Collaborate with Infrastructure and Product Engineering to make secure defaults the easiest path
- Own projects end to end: design, implementation, rollout, and measurement
Cloud Security- Secure our cloud environment (IAM, network policies, container security, secrets management, and misconfiguration prevention).
- Define and enforce least-privilege access patterns across services and humans.
- Improve cloud visibility and control using infrastructure-as-code and cloud security tooling (we currently use Terraform, AWS Config, and AWS Security Hub).
- Develop preventative controls and safe deployment patterns that reduce the probability and blast radius of incidents.
Application Security- Lead secure design and secure coding practices, and prevent common vulnerability classes.
- Perform architecture reviews and code-level security reviews, and work hands-on with engineers to ship fixes.
- Own the vulnerability discovery and validation lifecycle: static and dynamic analysis, dependency checks, pen tests, and bug bounties. Integrate modern automated detection systems (including Claude Mythos-class models) to find vulnerabilities at scale.
- Build and deploy security agents and automated workflows that can scan codebases, propose fixes, and in some cases autonomously deploy security patches.
- Build frameworks and reusable components for authentication, authorization, and secure-by-default patterns.
- Define practical policies and controls for code generation tools and coding agent changes, so they can be used safely and consistently.
What You'll Bring- Strong software engineering fundamentals and a track record of shipping production systems
- Deep expertise in either cloud security or application security, with the ability to flex into the adjacent domain
- Ability to build, not just advise: You translate risk into concrete engineering work and ship solutions
- Comfort with ambiguity: You thrive when building from first principles and defining what good looks like
- Forward-thinking about tooling: Interest in leveraging modern automation and AI to scale security operations while maintaining engineering rigor
Out of ScopeThis is not an IT helpdesk or general operations role. We partner with other teams and vendors for routine operational work so you can stay focused on building scalable security foundations.
