Security Engineer at Granola building security features and tools for a developer-focused product. Responsible for vulnerability identification, secure code review, threat modeling, and incident response using AI-assisted tooling.
Hey! We're team Granola 👋 If you haven't already, you should check out what we're building, and why you should work here.
In this role, you will be responsible for identifying and mitigating security vulnerabilities within Granola's applications, building security tools, and working closely with our development teams to integrate security throughout our software development lifecycle. You'll help establish a robust security culture as we unlock Granola for the next 100x users.
Design and implement security features within the Granola app to protect user data and strengthen the product's security posture
Leverage AI-assisted tooling to conduct security assessments, code reviews, threat modeling and penetration testing to identify vulnerabilities in our applications
Work closely with development teams to ensure secure coding practices are integrated throughout the SDLC
Track, analyse, and manage application vulnerabilities, using AI-assisted triage and prioritisation to guide remediation efforts
Support incident response by investigating application-related security incidents
Stay current on the latest security threats, vulnerabilities, and technologies to enhance our security posture
Extensive experience building production software, with hands-on exposure to security-sensitive work (auth, data handling, API design, encryption or similar) and a genuine interest in going deeper into application security
Comfortable with secure coding practices and at least one of: threat modelling, risk assessments, or incident response, with appetite to grow across the rest
Proficiency in programming languages such as TypeScript, Python, or similar
Experience with cloud and cloud security (we use AWS)
Strong communication skills with the ability to explain complex security issues to both technical and non-technical audiences
Are first and foremost a builder who thinks like an attacker
Are excited to work in-person from our office in London (most of the time)
Love working in a startup environment (you either have experience working in a startup or are really drawn to the zero-to-one phase)
Value working with people who are kind, ambitious, and pragmatic
Have a passion for protecting users and building secure systems
Thrive in a fast-paced environment where you can make a direct impact on product security
We are living in the most exciting time for tool builders since Engelbart's demo in 1968. We want to assemble the best crew to build this future together, here in London. Our compensation philosophy is to pay slightly above market on salary and above market on equity.
We do our best work in person, and so our team spends time together five days per week in our new, bright, and spacious office at Old Street. We are happy to offer relocation assistance to candidates who'll be moving to London to join us.
Lastly, we think amazing talent comes from all kinds of life journeys and experiences. If what is written above speaks to you, whether you look like a fit on paper or not, please reach out.