Software Engineer (Security)
Standard Metrics
Standard Metrics is an automated financial collaboration platform that helps investors and founders to move faster together and make better, forward-facing decisions. We're a full-time team of product builders, investors, and optimists, rebuilding investor relations from the ground up. Standard Metrics is backed by 8VC and Spark Capital along with other leading software VCs and angels and is currently a trusted resource for many of the top venture capital firms in the world.
Come Build With Us
We are looking for a Security Engineer with a strong background in infrastructure and systems security. You'll have an opportunity to have a big impact at this early stage, not only on the core product but also on the culture and direction of the company.
This is a hands-on role that balances building secure systems, conducting risk assessments, and automating defenses to strengthen the resilience of our platform. This role will report directly to our Head Of Engineering.
What You'll Do
- Design, implement, and maintain secure cloud infrastructure (AWS)
- Harden servers, containers, and networking components against vulnerabilities
- Develop Infrastructure-as-Code (IaC) security best practices (Terraform, CloudFormation, etc.)
- Perform threat modeling, code reviews, and penetration testing of services and APIs
- Partner with developers to remediate vulnerabilities and promote secure coding practices
- Integrate security tools into CI/CD pipelines (SAST, DAST, dependency scanning)
- Implement logging, monitoring, and alerting for security-related events
- Contribute to incident detection, investigation, and response workflows
- Build automation for security event triage and remediation
- Ensure compliance with industry standards (SOC2 and GDPR)
- Maintain documentation of security controls and processes
- Provide security training and guidance across engineering teams
What You'll Bring
- 3+ years of experience in security engineering or infrastructure engineering with a security focus
- Strong experience with cloud platforms (AWS preferred) and container orchestration (Kubernetes, Docker)
- Familiarity with infrastructure automation tools (Terraform)
- Hands-on knowledge of CI/CD pipelines and integrating security tools
- Proficiency in at least one scripting/programming language (Python, Go etc.)
- Deep understanding of application and infrastructure security principles
- Experience with vulnerability scanning, penetration testing, and threat modeling
- Knowledge of IAM, encryption, and key management practices
- Ability to balance pragmatism and rigor in implementing security solutions
For our employees located in the USA, we aim to pay at or above the market rate of US-based tech hubs like San Francisco or NYC. For international roles, we aim to pay top of market for your country. The estimated annual salary for this role is between $150,000-$200,000, plus a competitive equity package. Actual compensation will be determined based on experience and qualifications.
Health and dental insurance: We cover you and your family's medical/dental/vision insurance 100% in the USA. Internationally we match local health coverage for you and your family.
Flexible vacation: Take time off when you need it! We find most employees take 3-4 weeks in addition to holidays, but there are no firm rules. We trust our employees to know what's best for them.
Paid parental leave: 12 weeks of paid leave for all new parents in the USA. Internationally we match parental leave standards in your area.
Complete transparency: Everyone has full access to business metrics and financial information about the company.