jobloom

JobLoom finds jobs directly from company career sites before many job boards, then routes you into detailed role pages like this one.

security

Posted 2 hours ago

Sr. Security Engineer

at ButterflyMX

United StatesRemote

Responsibilities

  • - Plan and execute internal penetration tests against web applications, APIs, and mobile clients; coordinate and support third-party assessments.
  • - Own the vulnerability management lifecycle from discovery, prioritization, remediation tracking, through to validation.
  • - Integrate security tooling into CI/CD pipelines and champion shift-left security practices across the SDLC.

Requirements

  • OUR MISSION ButterflyMX is on a mission to empower people to open and manage doors & gates from a smartphone.
  • As a distributed, primarily remote workforce, we’re looking for more intelligent, passionate, collaborative, ai-forward, and down-to-earth individuals to join our growing team.
  • ROLE OVERVIEW ButterflyMX is looking for a Senior Security Engineer to join our growing security team.
  • experience in application security, with hands-on proficiency in both secure development lifecycle practices and offensive testing. - Strong understanding of web application and API security fundamentals (OWASP, MITRE, CIS, API-specific attack surfaces). -
  • Experience operating SAST/DAST/SCA ASPM tools. - Fluency in scripting or development languages (Python, JavaScript, Go, Ruby, or similar) sufficient to review code and write internal tooling. -
  • Experience designing and executing penetration tests against modern web and mobile applications. - Familiarity with cloud security (AWS preferred, some GCP and OVH) and container/Kubernetes security. - Comfortable in a regulated environment (e.g., SOC 2 or similar). - Excellent written and verbal communication skills; able to translate technical risk to non-technical stakeholders. - Relevant certifications a plus: OSCP, GWAPT, GPEN, CEH, or equivalent. - Proven
  • experience with leveraging AI tools in both professional and personal settings.
  • ButterflyMX is an AI-forward organization and the ability to optimize efficiency using AI is crucial in every role.
  • Can you use LLMs to build a threat model (bootstrap from the code, docs, and vulnerability history, entry points, git history, etc.
  • You must have the authorization to work in the US to become an employee.

Experience

  • REQUIREMENTS - 5+ years of

Benefits

  • BENEFITS - Comprehensive Medical, Dental and Vision plans (ButterflyMX covers 80% of the cost) starting day 1 - 401(k) plan with a match - 10 paid holidays, 20 vacation days, 5 sick days, 3 floating holidays - Basic Life and Accidental Death and Dismemberment Insurance (ButterflyMX covers 100% of the cost) - Short and Long Term Disability (ButterflyMX covers 100% of the cost) - Paid Family Leave - Employee Assistance Program - Quarterly self-care stipends - Access to optional
  • benefits including pre-tax flexible healthcare spending accounts (FSA and HSA), Dependent Care FSA, and Commuter Benefits, as well as optional Supplemental Life, AD&D, Hospital Indemnity, Legal, Accident, Critical Illness, Pet, and Personal Liability Insurance - And more! ButterflyMX is an equal opportunity employer and we value diversity at our company.

Additional details

  • Our products are installed in more than 20,000+ multifamily, commercial, gated communities, and student-housing properties worldwide, including properties developed, owned, and managed by the most trusted names in real estate.
  • Our features are designed for developers, owners, property managers, and tenants and our products lower operating costs and improve tenant satisfaction.
  • OUR SOLUTION Developers and owners no longer need to run building wiring or install in-unit hardware.
  • Property managers can grant building access, revoke permissions, and review entry logs from an online dashboard.
  • OUR CULTURE & VALUES Fantastic people are the key to our success.
  • We’re driven by a shared commitment to excellence and innovation, grounded in our core values: We delight our customers, We take ownership, We are a community of collaborators, We speak up, We think big and do small, and We are tenacious.
  • In this role you will drive application security across the full software development lifecycle — from threat modeling and secure code review to penetration testing and vulnerability management.
  • You will build the internal tooling that powers the “defender’s loop” and scales security.
  • You will partner with product teams to embed security into the development lifecycle and ensure reusable secure patterns.
  • You will partner closely with engineering to build security in from the start, while also owning our active testing program to identify and remediate vulnerabilities before adversaries do.

Find more real-time jobs on JobLoom.