Staff Security Engineer

About Buildkite

At Buildkite, our mission is to unblock every developer on the planet. We’ve rethought how software delivery should work and have built a platform that is fast, reliable, secure, and able to scale to the needs of the most demanding high-growth tech companies globally including Airbnb, Shopify, Canva, PagerDuty, Lyft, and Pinterest.

Job Overview

We’re looking for a Staff Security Engineer to help shape and scale security across Buildkite’s platform, infrastructure, and developer workflows.

This is a hands-on technical leadership role. You’ll drive security architecture, influence engineering standards, and help embed secure-by-default thinking into how we build and ship software. You’ll operate across Application Security, Adversarial Security, and Cloud & Platform Security - setting technical direction while remaining close to implementation.

Staff Engineers at Buildkite are force multipliers. In this role, you’ll raise the security bar across the organisation, partner deeply with Engineering and Product leaders, and design security systems that scale with our growth.

🔧 About the Security Team

The Security team at Buildkite designs secure-by-default infrastructure, developer workflows, and data protection systems. We work closely with Engineering, Platform, and Product to reduce risk without slowing delivery.

As a small, high-impact team in a fast-growing company, we focus on:

• Embedding security into the SDLC and CI/CD workflows
• Proactively identifying and validating risks through adversarial testing
• Designing cloud and infrastructure controls that scale
• Building guardrails and automation that make the secure path the easiest path
• Ensuring that AI is a key part of our evolution

This role will help define the next stage of maturity for security at Buildkite.

🚀 What You’ll Do

Build and Improve Security Across the Platform

• Lead threat modeling and architectural security reviews for all parts of the organisation
• Conduct Adversary Simulations and Penetrations Tests against key parts of the Application and business (attack simulation, exploit validation, abuse-case testing)
• Drive the technical strategy for Application Security, adversarial testing, and cloud security
• Design scalable security guardrails across CI/CD, infrastructure-as-code, and developer tooling
• Improve vulnerability discovery, triage, remediation workflows, and ownership models
• Strengthen supply chain and dependency security across build systems and artifacts
• Design security controls that are embedded into product and infrastructure

Lead and Unblock at the Org Level

• Act as a trusted security partner to engineering leaders and senior ICs
• Drive alignment on security trade-offs across product velocity, reliability, and risk
• Lead high-impact security initiatives end-to-end (discovery → prioritisation → implementation → rollout)
• Shape incident readiness, detection improvements, and post-incident hardening
• Mentor engineers to elevate secure design and implementation practices
• Contribute to cross-team technical direction beyond immediate security scope when needed

Raise the Bar Through Systems Thinking

• Identify structural risks and design long-term solutions rather than point fixes
• Introduce automation, tooling, and policy-as-code to reduce recurring classes of issues
• Improve how we measure security posture and communicate risk at leadership levels
• Ensure security scales with Buildkite’s infrastructure, customer growth, and product expansion

🎨 Skills & Experience We Value

Deep Security Expertise

• 7+ years of experience in security engineering, with strong depth in application security and adversarial testing 
• Extensive knowledge of common web and API vulnerabilities (OWASP Top 10 and beyond) and practical remediation patterns
• Experience designing and reviewing secure architectures for distributed systems
• Hands-on adversarial security experience (offensive testing, exploit validation, abuse-case modeling, red teaming)
• Strong understanding of cloud security fundamentals, ideally in AWS environment

Platform & Infrastructure Experience

• Experience securing CI/CD pipelines and modern developer platforms
• Familiarity with Terraform or other infrastructure-as-code systems
• Experience working with Kubernetes security patterns and workload controls
• Strong understanding of identity, secrets management, and access control systems
• Comfortable reading and writing production code (Ruby, Go, or similar)

✨ Why Join Buildkite

At Buildkite, we value kindness, autonomy, and collaboration. You’ll be joining a remote-first company where your work directly helps some of the world’s best engineering teams build and ship software faster and more safely.

• Competitive compensation, including salary, equity, and benefits package
• Flexible, remote-first culture
• Meaningful technical challenges at scale
• Opportunities for professional growth and company-wide technical influence
• A collaborative, inclusive, and innovative culture where your ideas make a real impact

🌈 Equal Opportunity Employer

At Buildkite, we value diversity and celebrate all types of skills, backgrounds, and experiences. We’re dedicated to fostering an inclusive environment and providing reasonable accommodations throughout our recruitment process.

If you need any accommodations or support during the application or interview process, please reach out to us at accommodations@buildkite.com.