Senior Security Engineer
Polly
Software Engineering
San Francisco, CA, USA
Posted on Mar 14, 2025
Who You Are:
You are a Senior Security Engineer with a strong focus on application security and a deep understanding of securing CI/CD pipelines. You are experienced in collaborating with development and DevOps teams to integrate security throughout the software delivery lifecycle. You have a proactive mindset, strong technical skills, and a commitment to staying ahead of emerging threats and vulnerabilities. Your attention to detail and ability to automate security processes make you a key partner in ensuring secure software delivery.
Does this sound like you? If so, keep reading and apply today!
What You'll Do:
- Design and implement security controls and tools within CI/CD pipelines to protect against threats and vulnerabilities.
- Conduct security assessments, code reviews, and penetration testing on applications and infrastructure deployed through CI/CD workflows.
- Integrate security tools (e.g., SAST, DAST, dependency scanning) into CI/CD systems such as Jenkins, GitLab CI/CD, GitHub Actions, or CircleCI.
- Collaborate with DevOps teams to automate security checks and ensure secure configuration of build and deployment environments.
- Monitor and respond to security incidents related to CI/CD processes, including artifact integrity and pipeline tampering.
- Develop and maintain documentation for secure CI/CD practices, policies, and procedures.
- Stay up to date with emerging threats, vulnerabilities, and security technologies relevant to CI/CD and cloud-native environments.
- Educate and train development teams on secure coding practices and CI/CD security principles.
- Ensure compliance with regulatory standards (e.g., SOC 2, ISO 27001) in the software delivery lifecycle.
What You Have:
- 3+ years of experience in security engineering, DevSecOps, or a related role.
- Hands-on experience securing CI/CD pipelines using tools like Jenkins, GitLab CI/CD, GitHub Actions, or similar platforms.
- Proficiency with security tools such as SonarCloud and GitHub Security.
- Strong understanding of the software development lifecycle (SDLC) and DevOps practices.
- Familiarity with containerization and orchestration technologies (e.g., Docker, Kubernetes) and their security implications.
- Knowledge of cloud platforms (e.g., AWS) and their security configurations.
- Experience with scripting languages (e.g., Python, Bash) for automation and tool integration.
- Excellent problem-solving skills and attention to detail.
Extras You Bring:
- Experience with Infrastructure-as-Code (IaC) tools like Terraform or CloudFormation.
- Familiarity with secrets management tools (e.g., HashiCorp Vault, AWS Secrets Manager).
- Understanding of zero-trust security models and their application in CI/CD.
- Strong communication skills to collaborate across technical and non-technical teams.
- Ability to prioritize and manage multiple tasks in a fast-paced environment.
- Proactive mindset with a focus on identifying and mitigating risks early in the development process.
Why Join Polly?
- We are attacking a trillion-dollar market with gross inefficiencies and seeking to transform the way an entire industry operates
- You will have an impact on the design, architecture and implementation of markets that are often called the engine of the US economy
- We value a drive for excellence, independent thinking, teamwork and curiosity
- You will work with both government-backed and industry-leading companies to create a digital pipeline that facilitates real-time trading of loans
- We have an experienced leadership team that previously built large and impactful platforms
- Outstanding opportunity for professional growth and upward mobility
- Direct engagement with the decision makers and senior business leaders
- Competitive salaries
- 100% paid medical/vision/dental/disability/life insurance
- Unlimited PTO
- Hybrid environment; 3x weekly in an innovation hub in San Francisco or Dallas
Let’s get to know each other.
Polly is transforming the mortgage industry with its modern, data-driven capital markets ecosystem. Banks, credit unions, and mortgage lenders nationwide trust Polly’s revolutionary Product and Pricing Engine (PPE), Loan Trading Exchange, and actionable data and analytics to automate and optimize the entire capital markets value chain, helping their secondary teams operate faster, smarter, and more profitably. Polly was founded in 2019 by a seasoned team of technology and mortgage experts and is headquartered in San Francisco, California.
To learn more, follow Polly on LinkedIn or visit www.polly.io. Polly is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, age, color, national origin, religion, sex, gender identity, sexual orientation, marital status, pregnancy status, disability status, veteran status, or any other legally protected status. Pursuant to the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.
Beware of recruitment scams impersonating the Polly brand or employees. Our team communicates only through official Polly channels, and we will never ask for sensitive information over text or conduct text-only interviews. If you are ever suspicious or in doubt, reach out to us directly at peopleteam@pollyex.com. We care deeply about this network and your experience.