ButterflyMX

Sr. Security Engineer

ButterflyMX$120K — $150K *
US-AnywhereRemote in United States
Information Technology
5 - 7 years of experience
Job Overview by Ladders

Qualifications

  • 5+ years of application security experience with a focus on secure development and offensive testing.
  • Strong knowledge of web application and API security principles (OWASP, MITRE, CIS).
  • Experience with SAST, DAST, and SCA tools for security analysis.
  • Proficient in scripting or programming languages (e.g., Python, JavaScript) to audit code and develop tools.
  • Proven track record in designing and executing penetration tests for web and mobile applications.
  • Familiar with cloud security (AWS preferred) and container security.
  • Excellent communication skills to convey technical risks to non-technical audiences.

Responsibilities

  • Lead reviews and threat modeling for new product features.
  • Enhance and manage security tooling, collaborating with engineering teams on findings.
  • Plan and execute penetration tests for applications and APIs; manage third-party assessments as needed.
  • Oversee the entire vulnerability management process from discovery to resolution.
  • Create and uphold secure coding standards and training materials for developers.
  • Integrate security checks into CI/CD pipelines and promote early security practices.
  • Investigate security incidents and recommend remediation actions.

Benefits

  • Comprehensive Medical, Dental, and Vision plans starting day 1 with 80% coverage from ButterflyMX.
  • 401(k) plan with matching contributions.
  • 10 paid holidays, 20 vacation days, 5 sick days, and 3 floating holidays annually.
  • 100% company-covered Basic Life and Accidental Death Insurance.
  • 100% coverage for Short and Long Term Disability insurance.
  • Paid Family Leave for employees.
  • Employee Assistance Program for wellness support.
  • Quarterly self-care stipends for personal expenses.
  • Access to flexible spending accounts and various supplemental insurances.
Full Job Description
Role Overview

ButterflyMX is looking for a Senior Security Engineer to join our growing security team. In this role you will drive application security across the full software development lifecycle - from threat modeling and secure code review to penetration testing and vulnerability management. You will build the internal tooling that powers the "defender's loop" and scales security. You will partner with product teams to embed security into the development lifecycle and ensure reusable secure patterns. You will partner closely with engineering to build security in from the start, while also owning our active testing program to identify and remediate vulnerabilities before adversaries do. You will be the person engineers come to for clear and practical answers. This is an individual contributor role reporting directly to the CISO. You will help shape our security program as an early, senior hire.

Responsibilities
  • Lead application security reviews, threat modeling sessions, and secure code review for new features and significant product changes.
  • Operate and continuously improve SAST, DAST, and SCA tooling; triage and prioritize findings in partnership with engineering teams to harden the codebase.
  • Plan and execute internal penetration tests against web applications, APIs, and mobile clients; coordinate and support third-party assessments.
  • Own the vulnerability management lifecycle from discovery, prioritization, remediation tracking, through to validation.
  • Develop and maintain secure coding standards, developer security guidance, and training materials.
  • Integrate security tooling into CI/CD pipelines and champion shift-left security practices across the SDLC.
  • Investigate security incidents and bug bounty submissions; provide root cause analysis and remediation recommendations.
  • Partner with Product and Engineering on security architecture decisions for new product capabilities.
  • Stay current on emerging threats, CVEs, and attack techniques relevant to our technology stack and support continuous program improvement.


Requirements
  • 5+ years of experience in application security, with hands-on proficiency in both secure development lifecycle practices and offensive testing.
  • Strong understanding of web application and API security fundamentals (OWASP, MITRE, CIS, API-specific attack surfaces).
  • Experience operating SAST/DAST/SCA ASPM tools.
  • Fluency in scripting or development languages (Python, JavaScript, Go, Ruby, or similar) sufficient to review code and write internal tooling.
  • Experience designing and executing penetration tests against modern web and mobile applications.
  • Familiarity with cloud security (AWS preferred, some GCP and OVH) and container/Kubernetes security.
  • Comfortable in a regulated environment (e.g., SOC 2 or similar).
  • Excellent written and verbal communication skills; able to translate technical risk to non-technical stakeholders.
  • Relevant certifications a plus: OSCP, GWAPT, GPEN, CEH, or equivalent.
  • Proven experience with leveraging AI tools in both professional and personal settings. ButterflyMX is an AI-forward organization and the ability to optimize efficiency using AI is crucial in every role. Can you use LLMs to build a threat model (bootstrap from the code, docs, and vulnerability history, entry points, git history, etc. and leverage Shostack's four questions); to build an isolation layer to run agents safely and verify exploitability matched to the threat model; to partition the search space and leverage SAST scanners or fuzzers; to filter out non-exploitable findings and triage for patch priority; and, to rate the severity based on reachability, attacker control, preconditions, authentication, read vs write, and blast radius.


Benefits
  • Comprehensive Medical, Dental and Vision plans (ButterflyMX covers 80% of the cost) starting day 1
  • 401(k) plan with a match
  • 10 paid holidays, 20 vacation days, 5 sick days, 3 floating holidays
  • Basic Life and Accidental Death and Dismemberment Insurance (ButterflyMX covers 100% of the cost)
  • Short and Long Term Disability (ButterflyMX covers 100% of the cost)
  • Paid Family Leave
  • Employee Assistance Program
  • Quarterly self-care stipends
  • Access to optional benefits including pre-tax flexible healthcare spending accounts (FSA and HSA), Dependent Care FSA, and Commuter Benefits, as well as optional Supplemental Life, AD&D, Hospital Indemnity, Legal, Accident, Critical Illness, Pet, and Personal Liability Insurance
  • And more!

About ButterflyMX

ButterflyMX is a cloud-based smartphone video intercom system that replaces outdated apartment intercom systems. The company's intercom system allows residents to grant entry to their building from their smartphones, and it also allows property managers to grant access to visitors and delivery people. ButterflyMX's system is designed to be easy to install and use, and it integrates with a variety of smart home devices. The company was founded in 2014 and is headquartered in New York City.
Learn more about ButterflyMX
Size
50 employees
Industry
Founded
2014
Revenue
$10 million

Similar Jobs

More Jobs at ButterflyMX

More Information Technology Jobs

Find similar Sr. Security Engineer jobs: