Security Engineer

ABOUT US - At Sierra, we’re creating a platform to help businesses build better, more human customer experiences with AI. We are primarily an in-person company based in San Francisco, with growing offices in Atlanta, New York, London, Paris, Madrid, Munich, Singapore, Japan, and Sydney. - We are guided by a set of values that are at the core of our actions and define our culture: Trust, Customer Obsession, Craftsmanship, Intensity, and Family. These values are the foundation of our work, and we are committed to upholding them in everything we do. - Our co-founders are Bret Taylor https://www.linkedin.com/in/brettaylor/ and Clay Bavor https://www.linkedin.com/in/claybavor/. Bret currently serves as Board Chair of OpenAI. Previously, he was co-CEO of Salesforce (which had acquired the company he founded, Quip) and CTO of Facebook. Bret was also one of Google's earliest product managers and co-creator of Google Maps. Before founding Sierra, Clay spent 18 years at Google, where he most recently led Google Labs. Earlier, he started and led Google’s AR/VR effort, Project Starline, and Google Lens. Before that, Clay led the product and design teams for Google Workspace.  WHAT YOU'LL DO - Lead Security for Our Platform. Take charge of application, cloud, network, and AI agent security. This includes performing secure design reviews, overseeing threat modeling, and building new security primitives into our product and platform. - Collaborate with Cross-Functional Teams. Partner closely with engineering, product, and GRC to embed security throughout the software development lifecycle. Communicate risks, prioritize fixes, and ensure security requirements enable innovation. - Implement Automation & Tooling. Streamline security processes by integrating tooling into CI/CD pipelines and leveraging AI-based or next-gen solutions to automate scans, compliance checks, and infrastructure reviews. - Continuously Improve Security Posture. Conduct regular audits of our cloud environment, review IAM configurations, and stay on top of emerging AI security risks. Recommend strategic security initiatives and lead efforts to establish best practices as the company scales. - Enable Enterprise Customer Needs. Present and explain our security posture to enterprise clients, helping them understand how we secure their data. Address concerns around healthcare, financial, or other regulated data with clear, actionable insights WHAT YOU'LL BRING - Broad Security Expertise. Strong foundation in web application security, cloud security (AWS, Azure, or GCP), and networking principles. - Coding and DevOps Skills. Hands-on experience with programming production software, scripting, and DevOps tools for automation. Familiarity with secure coding practices, threat modeling, vulnerability scanning, and incident response processes. - Adaptability and Resilience. Comfort working in a fast-paced startup environment, ability to adapt to changing priorities and handle ambiguity with grace. - Communication and Collaboration. Strong written and verbal communication skills with the ability to clearly explain risk trade-offs and convey complex technical topics to both technical and non-technical audiences. - Curiosity & Customer-First Mindset. Passion for deeply understanding customer needs and finding the right solutions from first principles. EVEN BETTER... - Experience securing AI systems, with understanding of LLM and Agentic AI risks. - Prior success in securing cloud infrastructure with robust policies and automated enforcement, and familiarity with Infrastructure as Code (Terraform, CloudFormation). - History of building or integrating custom security tools, especially those leveraging AI/ML for detection or monitoring. - Familiarity with continuous compliance platforms and building control monitoring. - Experience designing strong foundations with secure-by-design and privacy-by-design practices such as data handling, anonymization, and de-identification OUR VALUES - Trust: We build trust with our customers with our accountability, empathy, quality, and responsiveness. We build trust in AI by making it more accessible, safe, and useful. We build trust with each other by showing up for each other professionally and personally, creating an environment that enables all of us to do our best work. - Customer Obsession: We deeply understand our customers’ business goals and relentlessly focus on driving outcomes, not just technical milestones. Everyone at the company knows and spends time with our customers. When our customer is having an issue, we drop everything and fix it. - Craftsmanship: We get the details right, from the words on the page to the system architecture. We have good taste. When we notice something isn’t right, we take the time to fix it. We are proud of the products we produce. We continuously self-reflect to continuously self-improve. - Intensity: We know we don’t have the l