security
Posted 2 hours agoSr. Security Engineer
at ButterflyMX
United StatesRemote
Responsibilities
- - Plan and execute internal penetration tests against web applications, APIs, and mobile clients; coordinate and support third-party assessments.
- - Own the vulnerability management lifecycle from discovery, prioritization, remediation tracking, through to validation.
- - Integrate security tooling into CI/CD pipelines and champion shift-left security practices across the SDLC.
Requirements
- OUR MISSION ButterflyMX is on a mission to empower people to open and manage doors & gates from a smartphone.
- As a distributed, primarily remote workforce, we’re looking for more intelligent, passionate, collaborative, ai-forward, and down-to-earth individuals to join our growing team.
- ROLE OVERVIEW ButterflyMX is looking for a Senior Security Engineer to join our growing security team.
- experience in application security, with hands-on proficiency in both secure development lifecycle practices and offensive testing. - Strong understanding of web application and API security fundamentals (OWASP, MITRE, CIS, API-specific attack surfaces). -
- Experience operating SAST/DAST/SCA ASPM tools. - Fluency in scripting or development languages (Python, JavaScript, Go, Ruby, or similar) sufficient to review code and write internal tooling. -
- Experience designing and executing penetration tests against modern web and mobile applications. - Familiarity with cloud security (AWS preferred, some GCP and OVH) and container/Kubernetes security. - Comfortable in a regulated environment (e.g., SOC 2 or similar). - Excellent written and verbal communication skills; able to translate technical risk to non-technical stakeholders. - Relevant certifications a plus: OSCP, GWAPT, GPEN, CEH, or equivalent. - Proven
- experience with leveraging AI tools in both professional and personal settings.
- ButterflyMX is an AI-forward organization and the ability to optimize efficiency using AI is crucial in every role.
- Can you use LLMs to build a threat model (bootstrap from the code, docs, and vulnerability history, entry points, git history, etc.
- You must have the authorization to work in the US to become an employee.
Experience
- REQUIREMENTS - 5+ years of
Benefits
- BENEFITS - Comprehensive Medical, Dental and Vision plans (ButterflyMX covers 80% of the cost) starting day 1 - 401(k) plan with a match - 10 paid holidays, 20 vacation days, 5 sick days, 3 floating holidays - Basic Life and Accidental Death and Dismemberment Insurance (ButterflyMX covers 100% of the cost) - Short and Long Term Disability (ButterflyMX covers 100% of the cost) - Paid Family Leave - Employee Assistance Program - Quarterly self-care stipends - Access to optional
- benefits including pre-tax flexible healthcare spending accounts (FSA and HSA), Dependent Care FSA, and Commuter Benefits, as well as optional Supplemental Life, AD&D, Hospital Indemnity, Legal, Accident, Critical Illness, Pet, and Personal Liability Insurance - And more! ButterflyMX is an equal opportunity employer and we value diversity at our company.
Additional details
- Our products are installed in more than 20,000+ multifamily, commercial, gated communities, and student-housing properties worldwide, including properties developed, owned, and managed by the most trusted names in real estate.
- Our features are designed for developers, owners, property managers, and tenants and our products lower operating costs and improve tenant satisfaction.
- OUR SOLUTION Developers and owners no longer need to run building wiring or install in-unit hardware.
- Property managers can grant building access, revoke permissions, and review entry logs from an online dashboard.
- OUR CULTURE & VALUES Fantastic people are the key to our success.
- We’re driven by a shared commitment to excellence and innovation, grounded in our core values: We delight our customers, We take ownership, We are a community of collaborators, We speak up, We think big and do small, and We are tenacious.
- In this role you will drive application security across the full software development lifecycle — from threat modeling and secure code review to penetration testing and vulnerability management.
- You will build the internal tooling that powers the “defender’s loop” and scales security.
- You will partner with product teams to embed security into the development lifecycle and ensure reusable secure patterns.
- You will partner closely with engineering to build security in from the start, while also owning our active testing program to identify and remediate vulnerabilities before adversaries do.