Change.org is searching for a Senior Security Engineer to help secure our global infrastructure and applications. You will report to the Senior Director of Engineering, Technical Operations. As a key member of our engineering team, you will be responsible for tasks involving vulnerability management, vendor security review, and the further automation of our security tooling.
We’re a social impact business (a public benefit company), and the world's largest social change platform with 100 million users, 40,000+ campaigns launched on the site every month, and a 100% user-generated revenue model. Our users win campaigns for change once every hour. We’re working for a world where no one is powerless, and where creating change is a part of everyday life. We’re just getting started and hope you’ll join us!
From mobilizing over 5 million people to investigate the fires in the Amazon, to mobilizing nearly 3 million against war and famine in Yemen, to large-scale mobilizations for the people of Iran and against the war in Ukraine, and calling for Racial Justice in the US, many movements were born on Change.org. Dozens of local, national, and international victories are happening every day thanks to the strength of our members who are changing the lives of people around the world. We want to help them go even further and we need your help!
Key Outcomes:
Identify, triage, and drive remediation of vulnerabilities across Change.org’s applications and APIs.
Integrate and maintain automated security checks in CI/CD.
Partner with developers on secure design and code reviews for high-impact features.
Strengthen AWS and Kubernetes app-layer security.
Contribute to incident response when product or code-related vulnerabilities are involved.
From time to time the company may require you to work after hours to deal with emergencies.
The most important core competencies for the role are:
Strong grasp of web application security fundamentals.
Proficiency in Python or similar for scripting, automation, and integrating security tools.
Experience with security scanning tools and pipeline automation.
Working knowledge of AWS and Kubernetes from an application security perspective.
Ability to clearly communicate risks and collaborate effectively with development teams.
Target experience:
4–6 years in application or cloud security, or as a software engineer with security responsibilities.
Proven track record of hands-on vulnerability remediation and practical risk reduction.
Exposure to secure SDLC practices and common modern stacks (bonus: Elixir, Node, Ruby).
Experience building or tuning security automation that improves developer productivity and reduces false positives.
Interested? Great! Here's what you should know:
This is a full-time remote role, open to folks in the United States, Canada, or Mexico.
Our compensation philosophy is based on pay equity. All of our salaries are determined before we launch a role – they are based on a predetermined salary scale, the level on that scale and the cost of labor for that location.
In the US, the annual salary of a Sr. Security Engineer is $194,000 in San Francisco and New York City, $184,500 in Austin, Boston, Seattle and DC, and $165,000 for all other cities in the United States.
In Canada, the salary is CAD$ 169,000 in Victoria and Calgary, CAD$ 182,000 in Vancouver and Toronto and CAD$ 166,000 in all other cities in Canada.
In Mexico, this role is available in two different formats:
Full-Time Employee: MX$118,291/month gross via a local third-party entity.
Contractor: MX$147,864/month gross.
Benefits and perks also vary based on location.
We know the confidence gap and imposter syndrome can get in the way of meeting amazing candidates like you, so please don’t hesitate to apply—we’d love to meet you. We also know it’s rare for someone to meet 100% of the qualifications. Please apply anyway!
We actively encourage applicants from diverse backgrounds and perspectives to apply. At Change.org, we are dedicated to fostering a diverse and inclusive workplace. We invest in programs to support our diverse workforce, offer inclusive onboarding experiences and affinity groups, celebrate the heritage of our staff, provide training on working across differences, and maintain fair and transparent salary scales. All qualified applicants will receive consideration for employment without regard to race, color, national origin, disability, veteran status, sexual orientation, gender, or culture.
We are committed to providing reasonable accommodations throughout the recruitment process for candidates with disabilities. If you need assistance, or an accommodation, please let your recruiter know once you are contacted about a role.
We're committed to protecting your data. To learn more, please review our Change.org Job Applicant Privacy Policy.
We are legally required to conduct EEOC reporting. While this is required by the federal government, we recognize that it does not include all genders and ethnicities. We want you to know that Change.org celebrates all identities and we thank you for your participation.
Change.org participates in E-Verify.
While we are a global company, we ask that you please submit your resumes/application questions in English.