Staff Platform Security Engineer - Office of the CISO jobs in United States

Obsidian Security · 4 hours ago

Staff Platform Security Engineer - Office of the CISO

Obsidian Security is a cybersecurity startup focused on securing SaaS applications. They are seeking a Staff Platform Security Engineer to enhance product security by architecting, implementing, and scaling security automation and policy enforcement across their platforms.

Computer, Cyber Security, Network Security, SaaS
H1B Sponsor Likely

Responsibilities

Design and drive a holistic Platform Security strategy aligned with business risk posture and compliance requirements
Collaborate with IT, GRC, DevOps, and Engineering teams to build secure and privacy-by-default product hosting platforms
Define and implement secure patterns for cloud-native architectures (e.g., containers, serverless, IaC)
Create automation workflows for security incident detection and response across environments
Establish continuous compliance pipelines for standards like SOC 2, ISO 27001, FedRAMP, or HIPAA
Lead security architecture reviews, threat modeling sessions, and secure coding workshops
Mentor more junior security engineers and influence cross-functional teams through technical thought leadership
Ensure that application code, images, dependencies, and infrastructure are scanned for vulnerabilities and that vulnerabilities are remediated in a risk-informed and timely manner
Embed security controls into build and deployment pipelines (GitLab CI)
Mature vulnerability scanning (SAST, DAST, SCA) and integrate results into feedback loops for security and engineering teams
Develop and enforce guardrails and policy-as-code (OPA) to prevent misconfigurations and policy drift
Ensure that CI/CD infrastructure and other critical infrastructures and systems are hardened according to security best practices and standards, and monitored for security threats
Harden Kubernetes clusters, container runtimes, and cloud environments (AWS/GCP) using security standards and best practices
Lead implementation of infrastructure as code (Terraform), security validation, and drift detection
Drive zero-trust principles in service-to-service communication and access control
Support product penetration testing and corporate red teaming exercises
Implement security tooling, automation, and orchestration as needed for detection, response, reporting, and vulnerability management capabilities
Ensure that security tooling is maintained, optimized, and consistently deployed across the Obsidian install base
Develop security threat detection rules and analytics within Obsidian security tooling systems and drive posture security maturity
Support security program continuity and resiliency by maturing security documentation, processes, and runbooks. Build playbooks for recurring security events and operations

Qualification

Security Architecture, Python, Terraform, Kubernetes Security, AWS/GCP Security, Security Automation, GitLab Security, Vulnerability Management, Soft Skills

Required

At least 8 years of security engineering experience
Proficient in software engineering with emphasis on the Python programming language at a minimum
Proficient in Terraform Infrastructure-as-Code
Proficient in securing Kubernetes
Proficient in securing AWS and GCP environments
Proficient in securing the GitLab platform
Proficient in security automation
Excellent understanding of multiple security domains, such as protection, detection, response, application security, vulnerability management, or threat intelligence
Be obsessive about security while doing everything possible to support the overall mission
Experience working with multiple internal and external stakeholders during incident lifecycles
Experience communicating across a company to encourage and educate on best practices, standards, and policies

Benefits

Competitive compensation with equity and 401k
Comprehensive healthcare with dental and vision coverage
Flexible paid time off and paid holiday time off
12 weeks of new parent or family leave
Personal and professional development resources

Company

Obsidian Security

Obsidian Security provides threat detection and posture management for business-critical SaaS applications.

H1B Sponsorship

Obsidian Security has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Additional information is presented below for your reference. (Data powered by the US Department of Labor)
Trends of Total Sponsorships
2025 (5)
2024 (5)
2023 (1)
2022 (4)
2021 (3)
2020 (2)

Funding

Current Stage: Growth Stage
Total Funding: $119.5M
Key Investors: Wing Venture Capital, Greylock
2022-04-14: Series C, $90M
2019-02-27: Series B, $20M
2017-06-08: Series A, $9.5M

Leadership Team

Hasan Imam, CEO
Ben Johnson, Co-Founder
Company data provided by crunchbase