The PlanetScale platform offers both PostgreSQL and Vitess clusters and will soon offer sharded PostgreSQL clusters with Neki.
Our customers entrust us with what is often their most precious digital asset, their data, so the stakes couldn't be higher. We're looking for a Software Engineer: Information Security to join our team and help us build security into every layer of our infrastructure while maintaining our exceptional developer experience.
What's the job to be done?- You will design and implement security controls for PlanetScale's cloud-native database platform, protecting millions of queries per second for some of the world's largest applications.
- You will collaborate with engineering teams to conduct security reviews, threat modeling, and provide secure coding guidance across our distributed systems.
- A special focus for this role is on proactive red teaming and testing - you will consistently try to break into the PlanetScale platform as an attacker would, and help patch what you find
- You will evaluate, procure, and implement proactive security tools and technologies to strengthen our security posture.
- You will work closely with our compliance team to ensure adherence to SOC 2, PCI DSS, and other security frameworks.
- You will build security automation and tooling to scale security practices across the engineering organization.
- You will respond to security incidents and conduct post-incident reviews to improve our security resilience.
These attributes best describe you...- You are passionate about building secure, scalable systems and understand that security is everyone's responsibility.
- You have strong experience with cloud security, application security, and securing distributed database systems.
- You can communicate complex security concepts clearly to engineering teams and translate business requirements into technical security solutions.
- You thrive in a collaborative environment and enjoy working across teams to embed security into the development lifecycle.
- You have excellent problem-solving skills and can balance security requirements with developer productivity.
- You are self-motivated and can work independently while making sound security and technical decisions.
What you will need- 5+ years of software engineering experience with a focus on security engineering or application security
- Strong proficiency in Go, with experience in other languages like Python, Java, or C++
- Experience securing cloud-native applications and infrastructure (AWS, GCP, Azure)
- Knowledge of database security, encryption, and access controls
- Experience with security frameworks and compliance requirements (SOC 2, PCI DSS)
- Understanding of threat modeling, security architecture, and secure coding practices
What else will help you be successful- Experience with database internals, distributed systems security, or infrastructure security
- Background in security tool evaluation, implementation, and automation
- Experience with Kubernetes security, container security, and cloud security posture management
- Knowledge of security monitoring, incident response, and vulnerability management
- Previous experience at a high-growth technology company or in a security engineering role
- Relevant security certifications (CISSP, CISM, CEH, etc.)
Total Compensation and Pay TransparencyAn employee's total compensation consists of base salary + variable comp where appropriate + benefits + equity. A member of our Talent Acquisition team will be happy to answer any further questions when we engage with you to begin the interview process.
Base salary range: $140,000 - $320,000 USD
