Senior security engineer

About Watershed

Watershed is the enterprise sustainability platform. Companies like Airbnb, Carlyle Group, FedEx, Visa, and Dr. Martens use Watershed to manage climate and ESG data, produce audit-ready metrics for voluntary and regulatory reporting including CSRD, and drive real decarbonization. We are looking for team members who love product-building, want to work hard at a mission-oriented startup, and will collaborate with us in shaping the culture of a growing team.

We have offices in San Francisco, New York, London, Paris, Berlin, Sydney, Mexico City, and remote team members across the US and Europe. We hope that you'll be interested in joining us!

The role

The Senior Security Engineer will drive the product security vision, strategy, and best practices across product teams. You'll lead threat modeling exercises, collaborate with engineering to enhance our secure software development stack and CI/CD pipeline, and manage our bug bounty programs and third-party security testing. You'll also evaluate vulnerability reports, prioritize remediation efforts, and design robust threat detection, monitoring, and incident response architectures.

In this role, you will:

• Drive product security vision, strategy, and best practices across product teams

• Lead security design reviews for new and existing products to identify potential security vulnerabilities

• Collaborate with engineering to manage and improve the secure software development stack and CI/CD pipeline

• Manage and enhance our bug bounty programs and third-party security testing

• Evaluate vulnerability reports, prioritize remediation, and communicate findings

• Design and build threat detection, monitoring, investigation, and response architectures

• Monitor and evaluate operational/security alerts

• Participate in investigations and incident response activities; build playbooks

You might be a good fit if you have:

• BS in computer science, information security, or a related field or equivalent experience

• 5-7+ years in security engineering

• Experience in growing & formalizing security programs

• Strong knowledge of GCP

• Deep understanding of threat modeling, risk management, and vulnerability assessment methodologies

• Proficiency in multiple programming languages and familiarity with secure coding practices and frameworks such as OWASP and CIS Controls (Was SANS Top 20)

• Hands-on experience with security tools and experience integrating automated security testing into CI/CD pipelines

• Excellent leadership, communication, and collaboration skills, with the ability to work effectively across diverse teams

Great if you also have: 

• SaaS industry background

Preference is given to candidates in the San Francisco Bay Area

Join Us:

If you're passionate about climate change and have the security expertise to help us protect our mission, we want to hear from you! Apply today and be a part of the solution.

Must be willing to work from an office 4 days per week (except for remote roles)

Watershed has hub offices in San Francisco, New York, London, and Mexico City and satellite offices in Sydney, Paris, and Berlin. Where we have offices, employees are expected to be in office for 4 days per week. Certain jobs are open to being remote and will be specifically noted on the jobs page and in the job description if so.

What’s the interview process like?

It starts the same for every candidate: getting to know the team members through 1 to 2 conversations about Watershed, your experience, and your interests. Next steps can vary by role, but usual next steps are a skill or experience interview (e.g. a coding interview for an engineer, a portfolio review for a designer, deeper experience call for other roles) which leads to a virtual or in person interview panel. We prioritize transparency and lack of surprise throughout the process.

What if I need accommodations for my interview?

At Watershed, we are dedicated to ensuring an inclusive recruitment process. We provide reasonable accommodations for candidates with disabilities, long-term conditions, mental health needs, religious observances, neurodivergence, or pregnancy-related support requirements. If you need assistance during your process, please contact your recruiter.