Senior Security Program Engineer

About Phaidra

Phaidra is building the future of industrial automation.

The world today is filled with static, monolithic infrastructure. Factories, power plants, buildings, etc. operate the same they've operated for decades — because the controls programming is hard-coded. Thousands of lines of rules and heuristics that define how the machines interact with each other. The result of all this hard-coding is that facilities are frozen in time, unable to adapt to their environment while their performance slowly degrades.

Phaidra creates AI-powered control systems for the industrial sector, enabling industrial facilities to automatically learn and improve over time. Specifically:

• We use reinforcement learning algorithms to provide this intelligence, converting raw sensor data into high-value actions and decisions.
• We focus on industrial applications, which tend to be well-sensorized with measurable KPIs — perfect for reinforcement learning.
• We enable domain experts (our users) to configure the AI control systems (i.e. agents) without writing code. They define what they want their AI agents to do, and we do it for them.

Our team has a track record of applying AI to some of the toughest problems. From achieving superhuman performance with DeepMind's AlphaGo, to reducing the energy required to cool Google's Data Centers by 40%, we deeply understand AI and how to apply it in production for massive impact.

Phaidra’s ability to achieve its mission is determined by our ability to work together — as defined by our core values: Transparency, Collaboration, Operational Excellence, Ownership, and Empathy. We seek individuals who embody these values, as they are instrumental in ensuring our team consistently delivers excellence and fosters an engaging and supportive culture

Phaidra is based in the USA, but we are 100% remote with no physical office. We hire employees internationally with the help of our partner, OysterHR. Our team is currently located throughout the USA, Canada, UK, Italy, Sweden, Spain, Portugal, the Netherlands, Singapore, Australia, and India.

Who You Are

We are looking for a Senior Security Program Engineer to be the cornerstone of our product security efforts, embedding security into the DNA of our groundbreaking technology from the ground up. Security is not an afterthought; it is the bedrock of trust for our customers.

We are seeking a team member located within one of the following areas: USA or Canada.

• In the United States, we accept applicants located in the following states: California, Colorado, Connecticut, Georgia, Florida, Indiana, Maryland, Minnesota, Missouri, Nebraska, New York, North Carolina, Pennsylvania, South Carolina, Tennessee, Texas, Virginia, Washington. 
• In Canada, we accept applicants located in the following provinces: Ontario, British Columbia, and Alberta.

Responsibilities

• You will own Phaidra’s Product Security Program, developing and integrating cloud & application security into our Security Development Lifecycle practices.
• You will engage our Engineering, Research, and our Developer Corps, facilitating threat modeling and other threat informed practices driving greater security and resiliency across our service set.
• You will design secure infrastructure and reference architectures  and drive their implementation to secure Phaidra and its customer facing networks and systems.
• You will build security tools and processes to protect, monitor and remediate critical infrastructure using DevSecOps and SRE methodologies.
• You will help secure our CI/CD pipeline.
• You will conduct security reviews of core IT and production infrastructure.
• You will work with GCP and on-premise hosting platforms using Cloud Native technologies like Kubernetes.
• You will build and maintain cross-functional relationships with internal teams to drive initiatives.

Key Qualifications

• 5+ years of work experience.
• Bachelors or Masters in Computer Science, cybersecurity, or equivalent experience.
• Proven experience with Cloud and Networking infrastructure on AWS, GCP or Azure.
• Good understanding of the Linux Operating System, Networking, Security Monitoring, Intrusion Detection & Response, Authentication & Access Control and Security Protocols.
• Proven experience with Web Application security assessments and penetration testing.
• Programming experience, ideally with Python, Go or Bash scripting.
• Experience with Terraform or other configuration management tools like Jsonnet, Kapitan, Helm or Kustomize.
• Familiarity with DevOps and SRE principles.
• Share our company values: curiosity, ownership, transparency & directness, outcome-based performance, and customer empathy.

Our Stack

• Languages - (Backend) Python, Go; (Customer SDK & Clients) C# .NET
• Docker, Kubernetes, Terraform & Kapitan
• Gitlab CI, ArgoCD, Atlantis
• GCP - GKE, PubSub, CloudSQL, BigTable, Postgres, etc.
• REST & gRPC micro-services
• Pantsbuild

Onboarding Plan

30-Day Plan: Foundation and Familiarization

The first month should focus on learning the company culture, technology stack, and current security posture.

Understand the Landscape

• Build relationships with engineers, researchers, and developers to understand the current workflow and security challenges.
• Gain a comprehensive understanding of Phaidra’s existing Product Security Program and Security Development Lifecycle practices.
• Familiarize yourself with the current cloud infrastructure on GCP, on-premise platforms, and the use of Kubernetes.
• Review the CI/CD pipeline and existing security measures within it.
• Become proficient with the company's tech stack, including Python, Go, C# .NET, Terraform, and Kubernetes.

Initial Assessments

• Conduct initial security reviews of core IT and production infrastructure to identify immediate risks.
• Begin participating in threat modeling exercises with the engineering teams.
• Review existing security tools, processes, and monitoring capabilities.

60-Day Plan: Taking Ownership and Initiating Projects

The second month should shift towards taking ownership of key responsibilities and starting to implement improvements.

Program Ownership:

• Take full ownership of the Product Security Program, beginning to develop and integrate cloud and application security enhancements.
• Start designing secure infrastructure and reference architectures based on initial assessments.
• Identify gaps in the existing CI/CD pipeline security and begin proposing solutions.

Hands-On Implementation:

• Begin building or enhancing security tools and processes for monitoring and remediation, utilizing DevSecOps methodologies.
• Engage in web application security assessments and penetration testing to identify vulnerabilities. 
• Start applying knowledge of Linux, networking, and security protocols to harden systems.

90-Day Plan: Driving Impact and Future Strategy

By the end of the first three months, the focus should be on demonstrating tangible results and planning for the future.

Driving Initiatives

• Drive the implementation of the secure infrastructure and reference architectures you designed.
• Have new security tools or processes in place to protect critical infrastructure.
• Demonstrate measurable improvements in the security and resiliency of Phaidra's services.

Strategic Contributions

• Establish yourself as a key security partner for the Engineering, Research, and Developer Corps. 
• Present a strategic roadmap for the future of the Product Security Program, outlining key initiatives for the next 6-12 months.
• Showcase how your work aligns with and upholds company values such as ownership, transparency, and customer empathy. 

General Interview Process

All of our interviews are held via Google Meet, and an active camera connection is required.

1. Meeting with People Operations team member (30 minutes): The purpose of this interview is to meet the candidate, learn more about their background, discuss what they are looking for in a new position, and cover formalities around their application.
2. Meeting with Hiring Manager (30 minutes): This is an introductory call with the hiring manager so that the candidate and the hiring manager can get to know each other better. It will mainly focus on the candidate’s previous experience and technical background. This meeting is also meant to enable candidates to ask any questions about the team and role. 
3. Meeting with Infrastructure & Connectivity (45 minutes): The purpose of this meeting is to gauge the candidate's technical understanding and their ability to contribute in areas such as software engineering, infrastructure, and SecOps.
4. Meeting with Product Development (30 minutes): The purpose of this meeting is to evaluate the candidate’s ability to integrate with product development, understand their challenges, and collaboratively work to integrate the Product Security program into Product Development’s standard work processes.
5. Culture fit interview with Phaidra’s co-founders (30 minutes): This meeting is meant to provide the co-founders insight into how the candidate thinks, how they approach working with others, and how they operate on a daily basis. 

Base Salary

• United States Residents: 113,000 USD - 185,000 USD
• Canada Residents: 103,000 CAD - 139,000 CAD

This position will also include equity.

These are best faith estimates of the base salary range for this position. Multiple factors such as experience, education, level, and location are taken into account when determining compensation.

Benefits & Perks

• Fast-paced and team-oriented environment where you will be instrumental in the direction of the company.
• Phaidra is a 100% remote company with a digital nomad policy.
• Competitive compensation & equity.
• Outsized responsibilities & professional development.
• Training is foundational; functional, customer immersion, and development training.
• Medical, dental, and vision insurance (exact benefits vary by region).
• Unlimited paid time off, with a minimum of 20 days off per year requirement.
• Paid parental leave (exact benefits vary by region).
• Home office setup allowance, coworking space stipend, and company MacBook.

*Please note that Phaidra’s benefits and perks listed above do not apply to temporary employees such as interns.

On being Remote

We are thoughtful about remote collaboration. We look to the pioneers - like Gitlab - for inspiration and best practices to create a stellar remote work environment. We have a documentation-first culture and actively practice asynchronous communication in everything we do. Our team stays connected through tools like Slack and video chat. We have dedicated all-hands meetings weekly to build strong relationships, and we hold virtual team building events as well as virtual socials. 

Equal Opportunity Employment

Phaidra is an Equal Opportunity Employer; employment with Phaidra is governed on the basis of merit, competence, and qualifications and will not be influenced in any manner by race, color, religion, gender, national origin/ethnicity, veteran status, disability status, age, sexual orientation, gender identity, marital status, mental or physical disability, or any other legally protected status. We welcome diversity and strive to maintain an inclusive environment for all employees. If you need assistance with completing the application process, please contact us at hiring@phaidra.ai.

E-Verify Notice

Phaidra participates in E-Verify, an employment authorization database provided through the U.S. Department of Homeland Security (DHS) and Social Security Administration (SSA). As required by law, we will provide the SSA and, if necessary, the DHS, with information from each new employee’s Form I-9 to confirm work authorization for those residing in the United States.

Additional information about E-Verify can be found here.

#LI-Remote

WE DO NOT ACCEPT APPLICATIONS FROM RECRUITERS.