We are looking for a Security Engineer to strengthen Planhat’s technical security execution across application security, platform hardening, and incident response preparedness. This role is ideal for a hands-on engineer who thrives in fast-paced environments and wants to have real impact across a growing SaaS platform.
Your focus will be to reduce operational risk, improve threat detection, and embed security into our engineering lifecycle.
Develop and maintain secure development lifecycle efforts: threat modeling, code reviews, SAST, supply chain scanning
Collaborate with the development team to design and implement application security controls
Drive resolution of AppSec issues in collaboration with Engineering teams
Contribute to container and Kubernetes security
Harden internal systems and cloud infrastructure through policy, automation, and best practices
Develop and enforce Infrastructure as Code (IaC) security policies
Deploy, configure, and manage security tools
Automate security processes to improve efficiency and reduce manual efforts
Work closely with engineering, IT, and compliance teams to ensure alignment of security practices across organizations
Provide guidance and mentorship on security best practices
Participate in risk assessments and mitigate identified vulnerabilities
Align technical implementations with compliance requirements (ISO 27001, SOC 2)
Ensure proper documentation of security processes and tools
Improve detection coverage by developing alert logic and use case rules
Build IRP automation and playbooks across our detection stack
Strong technical experience in cloud and application security, ideally in SaaS environments
Comfortable working with tools like Terraform, GCP, Kubernetes
Hands-on experience building and tuning detection logic
Approaches problems with an automation mindset, designing scalable workflows rather than relying on manual intervention
Familiar with secure coding practices, SDLC, and modern AppSec workflows
Collaborative mindset when working with Engineering, DevOps, and Compliance; knows when to block and when to guide
Understands incident response beyond theory, and builds playbooks that reflect real risk scenarios
Brings a pragmatic view of security: focused on reducing risk, enabling teams, and supporting business growth
Build security from the inside out, not just checkboxes
High autonomy and high impact in a growing company
Modern tech stack, real-world security challenges, and full stakeholder support
Fully remote flexibility, collaborative team, and room to grow
Competitive compensation
Work with a smart, driven, and global crew
Get in the arena.
All roles are considered on a rolling basis.