The Role
Pipe Security's mission is to protect the firm and its users by preventing, detecting, and responding to cyber attacks. We follow philosophies such as Secure by Design, Defense in Depth, and Zero Trust networking. We are a team of software engineers and builders. We pride ourselves on first-principles thinking and we are driven to become an innovation hub in the Security industry.
As a core member of the security team, you will contribute to multiple domains such as Cloud Security, Application Security, Detection & Response, and Privacy. You will write code, build systems, and work cross-functionally with every team at Pipe in order to support Security's mission. You will work with our IT team to ensure that we set appropriate security standards to maintain a compliant organization, and work with our Infrastructure team to ensure that we consistently meet those standards. You will be responsible for continually monitoring and updating the team's security posture, and maintaining processes and a culture that encourages a secure mindset.
Responsibilities
- Review and help design robust security standards and monitoring
- Maintain and improve our policy-as-code platform to enable rapid detection and response
- Work closely with our Infrastructure team to ensure cloud-based deployments have proper monitoring and adhere to our policies
- Manage SOC 2 audits, set a high standard for compliant software and processes, and ensure we consistently meet those standards
- Participate in on-call rotation to support critical security issues
- Own the vulnerability disclosure program and triage inbound reports to security@
- Run periodic tabletop exercises and incident response drills
- Maintain security policies and lead recurring reviews (e.g., firewall changes, security reviews)
- Lead responses to partner and customer security questionnaires
- Maintain the security risk register, track remediation, and produce periodic security metrics for leadership
Tech Stack
We are committed to using the right tools for the problems we are trying to solve. We are not dogmatic, but our current stack includes:
- Frontend: TypeScript, React, Next.js
- Backend: Go, PostgreSQL, BigQuery
- Data: BigQuery, SQLMesh, Python
- Infrastructure: Kubernetes, Pulumi, Buildkite, Google Cloud Platform
- Security: Panther, Wiz, Vanta
Our stack reflects the tools we've found most effective for the problems we solve. Strong candidates will have hands-on experience with most of these technologies and the technical range to pick up what's new quickly.
Technical Qualifications
- Hands-on experience with cloud platforms (GCP preferred) and Kubernetes security
- Proficiency in at least one of Go, Python, or TypeScript - enough to build and maintain internal tooling
- Experience owning SOC 2 (or equivalent) compliance programs end-to-end, including evidence collection, auditor management, and remediation
- Experience running incident response, including on-call, post-mortems, and tabletop exercises
- Experience managing vendor risk reviews and responding to customer security questionnaires
- Strong written communication - this role interfaces with auditors, customers, partners, and engineers
You will be successful at Pipe if you:
- Want to join a remote-first startup and make a real impact
- Hold yourself and your teammates to high standards
- Have a strong technical foundation and use your skills to help customers succeed
- Take end-to-end ownership of your work and enjoy collaborating across functions
Compensation and Benefits
We are a fully remote company and we believe in taking care of our employees. As a Pipe employee, you'll receive:
- The best equipment to help you do your job
- Flexible vacation and work hours - we believe in a healthy work-life balance (really!)
- Excellent health, dental, and vision insurance
- Generous parental leave for anyone growing their family, regardless of gender
- Great colleagues - we value a culture of authenticity, humility, and excellence
The annual US base salary range for this role is $150,000-$220,000, narrowed during the interview process based on experience, qualifications, and location.