Security Engineer, Platform

About the Role

As a key member of this team, the Security Engineer will play a crucial role in designing secure defaults for new services, workers, queues, databases, internal tools, and deployment pipelines. This involves not only understanding the technical aspects of security but also being mindful of the developer experience, ensuring that security measures are easy to adopt and do not hinder development productivity.

The role is fully remote, allowing for flexibility and autonomy. However, occasional travel for team offsites, conferences, and meetups will be required. This balance between independent work and team collaboration is reflective of Resend's approach to remote work, emphasizing both productivity and community.

What You Will Do

• Build and improve the security foundations of Resend’s platform, focusing on areas such as API keys, service permissions, and secrets management.
• Design secure defaults for new services, including workers, queues, databases, internal tools, and deployment pipelines.
• Improve detection and response for suspicious access, leaked credentials, abnormal sending behavior, privilege changes, and sensitive system events.
• Review and update processes and pipelines to ensure security is integrated throughout, rather than treated as an afterthought.
• Raise the security bar across the organization, promoting a culture of security awareness and best practices.
• Collaborate with the development team to ensure security considerations are embedded in the development lifecycle.
• Develop and maintain security documentation and guidelines for internal use.
• Participate in incident response and contribute to post-incident reviews and improvements.
• Stay updated with the latest security threats and technologies, applying this knowledge to continuously improve Resend's security posture.

What We Are Looking For

• Experience in securing production infrastructure, cloud environments, APIs, developer platforms, or multi-tenant SaaS products.
• Ability to write code and comfort with reading application, infrastructure, and deployment code.
• Understanding of authentication, authorization, secrets, IAM, logging, audit trails, incident response, and secure deployment pipelines.
• Experience working independently, with the ability to prioritize and drive day-to-day tasks as the first dedicated security hire.
• Preference for practical improvements over heavy processes, with a low-ego, direct, curious, and willing-to-learn attitude.
• Care about developer experience and believe security should be easy to adopt.
• Strong communication skills, with the ability to explain complex security concepts to non-technical stakeholders.
• Experience with cloud infrastructure security, including tools like AWS, Terraform, Kubernetes, and Cloudflare.

Nice to Have

• Experience with email infrastructure, transactional email, sender reputation, domain verification, SPF, DKIM, DMARC, webhooks, or abuse prevention.
• Knowledge of open source security, GitHub organization hardening, package publishing, dependency review, or supply-chain security.
• Experience helping companies prepare for SOC 2, ISO 27001, GDPR, enterprise security reviews, or customer trust processes.
• Background in building security observability, alerting, detection pipelines, or incident response workflows.
• Experience working with Trust & Safety, anti-abuse, fraud, or platform integrity teams.

Benefits and Perks

• Competitive compensation package.
• Opportunity to work with a modern tech stack, including Next.js, Raycast, and Notion.
• Flexible working schedules and a fully remote work environment.
• Honest and low-ego team culture, emphasizing autonomy and ownership.
• Professional development opportunities, including access to the latest security training and technologies.
• Health and wellness support, including mental health resources and remote work stipends.
• Generous PTO policy, recognizing the importance of work-life balance.
• Access to a global network of professionals, with opportunities for collaboration and knowledge sharing.

• Tip 1: When applying, make sure your portfolio or resume highlights specific security achievements and technologies you've worked with, especially in cloud security and API protection.
• Tip 2: Showcase your understanding of security principles and how they apply to real-world scenarios, demonstrating your ability to balance security needs with developer experience.
• Tip 3: Be prepared to discuss your approach to staying updated with the latest security threats and technologies, and how you apply this knowledge to improve security postures.
• Tip 4: In the interview, emphasize your experience with practical security improvements and your preference for integrated security over heavy, compliance-driven processes.
• Tip 5: Ask about the company's approach to remote work, team collaboration, and professional development, to ensure alignment with your career goals and work style.
• Tip 6: During salary negotiations, consider not just the base salary but also the overall compensation package, including benefits, equity, and opportunities for growth.
• Tip 7: Be cautious of red flags such as a lack of clear security protocols, insufficient support for remote work, or a culture that does not prioritize security and developer experience.