Senior Security Engineer

Senior Security Engineer

Canopy, South Jordan, UT

About Us

Canopy is a fast-growing SaaS company in South Jordan, Utah building simple, efficient software for accounting firms. We are looking to revolutionize the accounting space with modern, user-friendly software for a neglected industry. 

We aim to help our clients unlock the firm they’ve always wanted with our Practice Management Suite. We place a strong emphasis on delighting our customers, spotting and solving problems, and being good people along the way. And we just secured $70M in Series C funding to help us fulfill that mission.

Click here to see why our clients (and investors) love Canopy.

Interested in learning more about Canopy & the industry? Check out our blog here where you can find great information on our product features, industry news, practice management, and more!

The Opportunity

Canopy is looking for a Senior Security Engineer to strengthen our security posture across application, cloud, and operational domains. In this role, you will assess our environment, identify gaps, build out the security roadmap, and own initiatives through to completion. You will work directly with engineering teams on application security, collaborate with DevOps on cloud security, mature our incident response program, and automate security workflows to scale our capabilities.

This can be a hybrid position in South Jordan, Utah (M, W, F in-office) or fully remote based from Utah, reporting to the Director of DevOps, Security & IT.

What You’ll Do

• Evaluate Canopy’s security posture across application, cloud, and infrastructure layers. Identify gaps, prioritize remediation, and own roadmap items through to completion.
• Lead application security efforts including code review across Python and Java/Kotlin codebases, API security assessments, and secure development guidance for engineering teams.
• Integrate and manage SAST tooling (Semgrep, Snyk Code, Checkmarx, or GitHub Advanced Security) within CI/CD pipelines (GitHub Actions/GitLab). Own finding triage, rule tuning, and false positive management.
• Collaborate with DevOps on AWS cloud security posture, including Security Hub, GuardDuty, WAF rule management, AMI/golden image pipelines, and infrastructure-as-code security via Terraform.
• Mature and evolve Canopy’s incident response program, improving playbooks, processes, and readiness.
• Build security automation and tooling using Python, including API integrations, data enrichment workflows, and tool orchestration.
• Partner cross-functionally with engineering, DevOps, and IT to embed security into development and operational workflows.

What We’re Looking For

• 6+ years of experience in information security, with a focus on application security, cloud security, or security engineering.
• Experience working at a SaaS company with production environments in AWS.
• Strong application security skills including code review in Python and/or Java/Kotlin, API security, and familiarity with common web application vulnerabilities (OWASP Top 10).
• Hands-on experience with SAST tools (Semgrep, Snyk, Checkmarx, or GitHub Advanced Security) and integrating them into CI/CD pipelines.
• Working knowledge of AWS security services (Security Hub, GuardDuty, WAF, EC2 Image Builder, SSM) and infrastructure-as-code tools like Terraform.
• Proficiency in Python for security automation, scripting, and API integrations.
• Incident response experience in a structured IR program, with the ability to mature processes and lead investigations.
• Ability to identify strategic security gaps, build a roadmap, and drive initiatives to completion with minimal oversight.
• Strong communication skills with the ability to translate security risks into business context for both technical and non-technical audiences.

Nice to Have

• Experience with server-side EDR platforms (SentinelOne or CrowdStrike Falcon).
• Familiarity with container security and Kubernetes environments.
• Relevant certifications (CISSP, GCIH, AWS Security Specialty, OSCP, or similar).
• Experience with WAF rule management and DDoS mitigation strategies.
  
  

We know many women do not apply for a job if they don’t perfectly fit the description. We want you to apply anyway.

Why You Want to Work Here

🌴 Flexible Paid Time Off - you’re actually encouraged to use, plus 10 company holidays! 

❤️‍🩹 Health Benefits - including Medical, Dental, and Vision and an HSA Match. 

💰 401(k) - we match 100% up to 3% of your contribution. Eligibility is immediate with 100% vesting.

🧠 Mental Health -  all employees have access to Impact Suite & to our Employee Assistance Program (EAP).

👶 Paid New Parent Leave & Birthing Parent Leave - so you’re able to care for your little ones.

➕ Supplemental Benefits - including 100% company paid Basic Life & AD&D insurance and long & short-term disability coverage.

🌟 Nectar - our peer-to-peer recognition program to help our employees recognize the amazing work being done by other Canopians!

🥳 Company Events - including monthly company-wide meetings, summer parties, and more.

💡 ERG Committees - to plan initiatives around continuing education, community outreach, recruiting, onboarding, and more.

☕ Fully-stocked kitchen - Keto? Vegan? Flexitarian? Mandalorian? We’ve got you covered. 

Our Values

We approach our work every day with a few things in mind:

🔑 Own - We own this place! We focus on outcomes, holding ourselves & each other accountable.

🏆 Win - We win by delighting our customers with the very best products and services.

👍 Do Good - We work hard to be good people!

💡 Embrace Curiosity & Candor - We approach everything with curiosity & we understand that candor is kindness and give the gift of feedback.

Act Startup Fast - We know the best way to become a world-class company is to always act like a tiny startup: fast, hungry, intense, and scrappy. But especially fast.

To learn more about us & our values, click here.

Interviewing @ Canopy

Application processes can be a little stressful. Here are the stages of a typical interview process at Canopy:

• Once your application is received, we will review it and get back to you if we feel like it’s a mutual fit! 
• 20-minute phone call with the People Team
• 45-60-minute video or in-person interview with the Hiring Manager
• 1-3 rounds of interviews, depending on the role
• Final Interview

Interview processes can vary depending on the role. The People Team will give you a role-specific overview of the process during your first phone call. 

Remember: This is your interview too! We know candidates are evaluating us just as much as we are them. We encourage you to bring questions to each of your interviews—our hiring teams will always make sure to save time for questions at the end! 

Canopy is an equal-opportunity employer. Canopy provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, gender, national origin, sexual orientation, gender identity or expression, age, disability, genetic information, marital status, or veteran status.