Platform Security Engineer - Office CISO

Overview

Founded in 2017, Obsidian Security was created to close a critical gap: securing the SaaS applications where modern business happens—platforms like Microsoft 365, Salesforce, and hundreds more. Backed by top investors, we’ve built a complete SaaS security platform to reduce risk, detect and respond to threats, and prevent breaches at the source. Our team includes leaders who helped define the categories of endpoint and identity security at Crowd Strike, Okta, Cylance, and Carbon Black.

We’re transforming how SaaS is secured—in the era of agentic AI. Today, Obsidian is trusted by global enterprises and protects more than 200 organizations across regions worldwide. With a growing partner ecosystem and momentum toward long-term growth, we’re scaling quickly toward IPO readiness. Join us as we define the future of SaaS security!

Staff Platform Security Engineer - Office of the CISO

• A highly technical, mission- and values-driven security professional with software engineering, automation, and application/infrastructure security experience.
• 8+ years of security engineering experience.
• Proficiency in Python (minimum).
• Proficiency in Terraform (Infrastructure-as-Code).
• Proficiency in securing Kubernetes, AWS, and GCP environments.
• Proficiency in securing the Git Lab platform and security automation.
• Excellent understanding of multiple security domains (protection, detection, response, application security, vulnerability management, or threat intelligence).
• Strong collaboration skills with internal and external stakeholders during incident life cycles.
• Ability to communicate across the company to encourage and educate on best practices, standards, and policies.

• Security Architecture and Technical Leadership
• Design and drive a holistic Platform Security strategy aligned with business risk posture and compliance requirements.
• Collaborate with IT, GRC, Dev Ops, and Engineering to build secure, privacy-by-default hosting platforms.
• Define and implement secure patterns for cloud-native architectures (containers, serverless, IaC).
• Create automation workflows for security incident detection and response across environments.
• Establish continuous compliance pipelines for standards like SOC 2, ISO 27001, FedRAMP, or HIPAA.
• Lead security architecture reviews, threat modeling sessions, and secure coding workshops.
• Mentor junior security engineers and influence cross-functional teams through technical thought leadership.

• Ensuring the Obsidian product is built and deployed to a high-security standard
• Ensure application code, images, dependencies, and infrastructure are scanned for vulnerabilities and remediated in a timely, risk-informed manner.
• Embed security controls into build and deployment pipelines (Git Lab CI).
• Mature vulnerability scanning (SAST, DAST, SCA) and integrate results into feedback loops for security and engineering teams.
• Develop and enforce guardrails and policy-as-code (OPA) to prevent misconfigurations and policy drift.
• Harden CI/CD infrastructure and other critical infrastructures according to security best practices and standards, and monitor for threats.
• Harden Kubernetes clusters, container runtimes, and cloud environments (AWS/GCP).
• Lead implementation of infrastructure as code (Terraform), security validation, and drift detection.
• Drive zero-trust principles in service-to-service communication and access control.
• Support product penetration testing and red team exercises.
• Ensure Obsidian assets are managed to a high-security standard.
• Implement security tooling, automation, and orchestration for detection, response, reporting, and vulnerability management.
• Maintain, optimize, and deploy security tooling across the Obsidian install base.
• Develop security threat detection rules and analytics and drive posture security maturity.
• Support security program continuity with mature documentation, processes, and runbooks; build playbooks for recurring events.

• Be part of a team-first, low-ego, mission-focused culture.
• Provide opportunities for professional development and high-impact contributions to security.
• Influence the Obsidian product development.
• Annual…