Staff Security Engineer

Bengaluru

THE ROLE

We’re looking for a Staff Security Engineer to join our growing Security team. In this role, you will drive security strategy and execution across Quince’s product, cloud, infrastructure, and enterprise environments. You will operate as a senior technical leader, combining deep hands-on security engineering expertise with architectural influence to build scalable security programs and systems. You will partner closely with engineering, product, legal, compliance, and business teams to embed security throughout the software development lifecycle, strengthen our cloud and enterprise security posture, and continuously improve our detection and response capabilities. Success in this role means proactively reducing risk, building security capabilities that scale with the business, and driving a culture where security is treated as a core engineering responsibility. You will serve as a technical mentor, influence engineering decisions across teams, and help shape the future of security at Quince.

Responsibilities

Security Architecture & Engineering

  • Lead security architecture reviews and provide guidance on the design of new systems, services, and product features
  • Review product requirements, technical designs, and implementation plans to embed security early in the development lifecycle
  • Design and build security tooling, automation frameworks, and scalable security services
  • Drive secure-by-design principles and security engineering best practices across the organization
  • Define security standards, patterns, and architectural guardrails for engineering teams

Application & Product Security

  • Own and evolve the application security program, including SAST, DAST, SCA, and CI/CD security controls
  • Conduct vulnerability assessments and penetration testing across web, API, and mobile platforms
  • Partner with engineering teams to identify, prioritize, and remediate security risks
  • Manage security reviews and release sign-offs based on risk assessments
  • Conduct vendor security assessments and oversee remediation activities for identified findings
  • Perform third-party integration and API security reviews

Cloud, Infrastructure & Data Security

  • Define and enforce cloud security standards across AWS environments
  • Drive initiatives around identity management, network security, secrets management, logging, and infrastructure hardening
  • Secure CI/CD pipelines and development infrastructure
  • Lead data protection initiatives, including DLP controls across SaaS platforms, endpoints, and cloud environments
  • Drive zero-trust architecture, access management, and infrastructure security improvements

Threat Detection, Incident Response & Offensive Security

  • Lead security incident response investigations, containment, remediation, and root cause analysis efforts
  • Build and optimize detections across SIEM, EDR, cloud security, and enterprise security platforms
  • Conduct proactive threat hunting across cloud, endpoint, and SaaS environments
  • Lead red team exercises, adversary simulations, and security validation initiatives
  • Improve security visibility, detection coverage, and response effectiveness across the organization

Enterprise Security & Identity

  • Oversee endpoint security, device management, and enterprise security controls
  • Drive identity and access management initiatives across platforms such as Okta and Google Workspace
  • Monitor and respond to phishing attacks, account compromise attempts, and insider threat indicators
  • Establish scalable security controls for workforce and enterprise systems

Governance, Risk & Compliance

  • Partner with compliance and legal teams to support programs such as SOC 2, ISO 27001, GDPR, and other regulatory requirements
  • Drive security risk assessments and privacy reviews across products and business processes
  • Ensure security controls align with business objectives, compliance requirements, and industry best practices
  • Support audit readiness and continuous improvement of security governance processes

Qualifications

  • 7+ years of experience in security engineering, application security, cloud security, or related technical security disciplines
  • Strong hands-on expertise across multiple security domains including Application Security, Cloud Security, Detection & Response, and Infrastructure Security
  • Experience conducting vulnerability assessments and penetration testing across web, API, and mobile applications
  • Deep knowledge of security testing technologies including SAST, DAST, SCA, and CI/CD security tooling
  • Strong experience securing cloud environments (AWS preferred)
  • Experience with EDR, DLP, SIEM, and threat detection technologies, including platforms such as CrowdStrike
  • Deep understanding of threat modeling, secure architecture design, and modern attack techniques
  • Experience leading architecture reviews and influencing engineering decisions at scale
  • Strong programming or scripting skills using Python, Go, or similar languages
  • Excellent communication skills with the ability to communicate technical risks to both engineering teams and senior leadership
  • Proven ability to lead complex security initiatives and influence cross-functional stakeholders

Preferred:

  • Experience in e-commerce, retail technology, or large-scale consumer platforms
  • Background in red teaming, adversary emulation, or offensive security operations
  • Experience with Infrastructure-as-Code and policy-as-code technologies such as Terraform and OPA
  • Familiarity with enterprise security platforms including Google Workspace, Okta, and DLP solutions
  • Experience building internal security tooling and automation frameworks
  • Security certifications such as OSCP, OSWE, CISSP, CCSP, or equivalent practical experience
  • Experience operating in high-growth, cloud-native engineering organizations

What success looks like:

  • Security is embedded into engineering workflows and product development processes by default
  • Strong application, cloud, and enterprise security posture with measurable risk reduction over time
  • Scalable security tooling, automation, and detection capabilities that improve operational efficiency
  • Reduced incident impact through proactive detection, response, and threat hunting capabilities
  • High adoption of secure engineering practices across product and infrastructure teams
  • A strong security culture driven by technical leadership, collaboration, and continuous improvement across the organization
 
