Security Engineer Job Description Template (Free, 2026)

Security engineers protect products, infrastructure, and data by thinking like attackers and building defensive systems at scale — attracting them requires a JD that demonstrates genuine security culture, not compliance checkbox thinking. Includes 2026 US salary benchmarks and ATS-optimized formatting.

Copy-ready template

Job Title: Security Engineer [Mid-Level / Senior / Staff]
Department: Engineering / Security
Location: [City, State] / Remote / Hybrid
Reports To: CISO / Head of Security / VP Engineering
Employment Type: Full-Time

About [Company Name]

[Company Name] is a [stage/sector] company handling [describe sensitive data/scale, e.g., PII for X users, financial transactions, healthcare records]. Security is a core engineering discipline here, not an afterthought — we have active SOC 2 [Type I / Type II] certification, a [bug bounty / VDP program], and dedicated security engineering headcount. We are looking for a security engineer who thinks offensively to build better defenses.

About the Role

As a Security Engineer, you will own and improve the security posture of our product and infrastructure — spanning application security, cloud configuration, identity and access management, and incident detection. You will partner directly with product engineering teams to shift security left, conduct threat modeling and security reviews, and build tooling that scales security practices without becoming a bottleneck. Your work protects [X] customers and their data.

Key Responsibilities

• Conduct application security reviews, threat modeling, and penetration testing across web, API, and mobile surfaces
• Build and maintain security tooling: SAST/DAST pipelines (Semgrep, Snyk, Burp Suite), secrets scanning, dependency auditing
• Define and enforce cloud security standards across [AWS / GCP / Azure] using CSPM tools and policy-as-code (OPA, Checkov)
• Manage identity and access: RBAC, IAM policies, SSO integration, privileged access management (PAM)
• Operate and tune the SIEM/SOAR platform; develop detection rules and automated response playbooks
• Lead incident response for security events: triage, containment, eradication, post-mortem
• Collaborate with engineering and DevOps to integrate security gates into CI/CD pipelines (shift-left security)
• Drive compliance deliverables for SOC 2, ISO 27001, or other applicable frameworks
• Conduct security awareness training and support phishing simulation programs
• Track and prioritize the vulnerability management backlog with engineering teams

Required Qualifications

• [3]+ years in security engineering, application security, or cloud security roles
• Strong understanding of OWASP Top 10, common vulnerability classes, and secure coding principles
• Hands-on experience with cloud security architecture and IAM (AWS IAM, GCP IAM, or Azure AD)
• Experience with SAST, DAST, SCA, and secrets scanning tooling in CI/CD pipelines
• Proficiency in at least one scripting language (Python, Go, or Bash) for security automation
• Familiarity with network security fundamentals, TLS/mTLS, and zero-trust architecture
• Experience supporting SOC 2, ISO 27001, PCI DSS, or HIPAA audit processes

Nice to Have

• Offensive security experience (OSCP, bug bounty, CTF participation)
• Cloud security certifications (AWS Security Specialty, GCP Professional Security Engineer)
• Experience with eBPF-based runtime security tools (Falco, Tetragon)
• Knowledge of supply chain security (SBOM, SLSA, Sigstore)

What We Offer

• Competitive salary: $[low]–$[high]/year (see benchmarks below)
• Equity: [X]% stock options / RSUs
• Health, dental, and vision insurance (100% employer-paid for employee)
• Flexible PTO + [X] company-wide holidays
• Remote-friendly / home office stipend of $[X]
• Conference attendance budget (DEF CON, Black Hat, BSides)
• Learning & development budget: $[X]/year, including certifications
• [Additional perk — wellness stipend, etc.]

Salary Range: $110,000–$190,000/year (US, 2026 benchmark; exact offer commensurate with experience)

[Company Name] is an equal opportunity employer. We celebrate diversity and are committed to creating an inclusive environment for all employees.

How to customize this security engineer job description

1. Specify the security domain clearly

AppSec, CloudSec, DetEng, and GRC are distinct specializations. A JD that tries to cover all of them attracts no one well. Pick the primary domain, list secondary skills as nice-to-have, and be honest about the role's actual day-to-day focus.

2. Describe your compliance landscape honestly

State which frameworks you're actively maintaining and at what maturity. Top security engineers want to know whether they'll be building a program or operating an existing one. Overstating maturity leads to disappointment and early attrition.

3. Signal security culture at the leadership level

Experienced security engineers evaluate executive buy-in before accepting offers. Mentioning that the CISO reports to the CEO, that security has veto power on feature launches, or that the bug bounty is active signals that security is a first-class concern.

4. List certifications as nice-to-have, not required

Requiring CISSP or CISM as hard prerequisites filters out many excellent practitioners with deep hands-on skills but fewer certifications. Move certifications to "nice to have" and assess skills practically during the interview process instead.

Security Engineer salary benchmarks (US, 2026)

Level Experience Salary Range
Mid-Level 2–4 years $110,000 – $140,000
Senior 5–8 years $140,000 – $175,000
Staff / Lead 8–12 years $175,000 – $190,000
Principal / CISO 12+ years $190,000 – $280,000+

Source: Bureau of Labor Statistics, LinkedIn Salary, Glassdoor 2026 data. Ranges reflect US national median; adjust +20–30% for San Francisco/NYC markets.

Frequently asked questions

What should a security engineer job description include?

A strong security engineer JD describes the security domain (AppSec, CloudSec, Detection & Response), compliance requirements, tooling (SAST/DAST, SIEM, CSPM), team structure, and a salary range. Mentioning your threat model, incident history, and bug bounty program signals security maturity.

What is the average security engineer salary in the US in 2026?

Security engineer salaries range from $110,000 to $190,000+ depending on seniority and specialization. Mid-level engineers earn $110,000–$140,000, senior engineers $140,000–$175,000, and staff-level security engineers $175,000–$190,000. Specialized offensive security skills command 15–25% premiums above these ranges.

How do I write a security engineer job description that attracts top candidates?

Be specific about your security maturity, compliance landscape, and tooling. Top security engineers evaluate whether leadership treats security as a first-class concern. Show that security has a budget, executive backing, and influence over product decisions. Avoid generic JDs that could apply to any company.

Can I use this template in my ATS?

Yes. This template works in any ATS including Treegarden, Greenhouse, Lever, and Workable. In Treegarden, paste it into the job wizard to auto-format for your career page and publish to connected job boards with a single click.

Ready to post your first Security Engineer job?

Paste this template into Treegarden, set your pipeline, and publish to 10+ job boards in under 30 seconds.