Lead Security Engineer

The Role:

As the Security Engineering Lead at Airbyte, you will be the single-threaded owner of security, compliance, and privacy for the company, working in close partnership with engineering, product, legal, and leadership.

This is a senior, hands-on role for someone excited to shape how security is built, embedded, and scaled in a growing company. You will have the autonomy to set direction and make risk-based decisions, along with strong cross-functional support to execute effectively.

Your work will sit at the intersection of product, infrastructure, compliance, and go-to-market, with direct impact on customer trust, enterprise adoption, and Airbyte’s ability to scale securely.

• Own Airbyte’s security end-to-end, spanning cloud, application, endpoint, and identity security

• Set security priorities and roadmaps in alignment with business goals and engineering strategy

• Serve as the primary security decision-maker, bringing sound judgment, context, and partnership to risk decisions and escalations

• Lead incident detection, investigation, and response, building clear, reliable, and repeatable processes

• Own and evolve Airbyte’s SOC 2 Type II and ISO 27001 programs, ensuring ongoing audit readiness and operational maturity

• Partner with engineers to embed security into system design, architecture, and major platform initiatives

• Enable enterprise growth by leading customer-facing security engagements, including questionnaires, ad-hoc inquiries, and security-related contractual discussions

• Define and operate identity and access management, including SSO, SCIM, RBAC, and access reviews

• Maintain and improve Airbyte’s privacy program, collaborating with Legal on privacy policies, DPAs, TIAs, and regulatory obligations

• Drive vulnerability management across the stack, including AWS, GCP, Kubernetes, applications, and container images

• Influence security culture and standards across the company as Airbyte continues to grow

• 3+ years of security leadership experience

• 5–8+ years of experience in security engineering, cybersecurity, or related roles

• Experience making practical, risk-based security decisions in collaboration with engineering and business partners

• Working knowledge of SOC 2 Type II, ISO 27001, and security governance concepts

• Hands-on familiarity with cloud security, Kubernetes, and modern CI/CD environments

• Strong communication skills, with the ability to explain security concepts to both technical and non-technical audiences

• Comfort balancing security, compliance, and delivery velocity in a fast-moving environment.

• Familiarity with privacy programs and regulations such as GDPR and CCPA

• Experience evaluating or applying AI-powered tools to security use cases such as detection, triage, policy analysis, or vulnerability management

• A mindset of curiosity, continuous learning, and shared ownership

• Onsite 5 days/week in San Francisco, CA

If you find this role exciting, we encourage you to apply even if you think you don’t meet all of the requirements!

Airbyte is an equal opportunity employer that does not discriminate on the basis of actual or perceived race, creed, color, religion, national origin, dicetancy, age, physical or mental disability, pregnancy, genetic information, sex, sexual orientation, gender identity or expression, marital status, familialvendicity, domestic violence victim status, veteran or military status, or any other legally recognized protected basis under federal, state or local laws.

Pursuant to the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.

Airbyte is committed to providing reasonable accommodations for qualified individuals with disabilities in our job application procedures. Please let us know if you need assistance or accommodation due to a disability.