Principal Security Engineer

At Podium, we bring AI Employees to local businesses that turn every conversation into revenue. Trusted by 60,000+ businesses across Auto, Home Services, and Aesthetics, Podium captures and converts leads 24/7, driving both new business and repeat customers.

In under 24 months, we crossed $100M in AI Agent ARR, scaling 300% year-over-year. During this time, we’ve deployed 10,000 AI employees to empower real business outcomes for our customers. Podium is building what we believe will be the most impactful AI employee ecosystem for local business.

Podium has been recognized as the Best AI Implementation by Inc. Magazine, highlighted by OpenAI for building revenue-driving AI Agents, and awarded the #1 AI Agent for Business Operations by G2.

Our growth is fueled by hiring exceptional people, holding them to high standards, and creating opportunities for them to grow and make an impact. Our operating principles guide daily behavior and ensure we hire people who will thrive at Podium. If you're hungry for growth, aligned to our operating principles, and ready to get to work, you won't find a better place to learn and accelerate your career.

Principal Security Engineer

As a Principal Security Engineer at Podium, you will be responsible for validating that application services are designed and implemented with high security standards. You will analyze application security, addressing both legacy and emerging security issues, and implement repeatable secure development practices to prevent program flaws that could lead to exploitation. You will constantly assess applications for weakness, provide resolutions and communicate findings to the technical leadership team for effective risk mitigation. You will be constantly assessing applications for weaknesses and finding resolutions before they can be abused.

In this role, you will also assess the security of applications for business-to-business initiatives, third-party relationships, and vendors. As a highly knowledgeable individual, you will recommend programmatic controls, and monitor and manage secure development practices to tackle modern-day issues. You will think like an attacker, but will always act with integrity and not abuse your privilege. 

What you will be doing:

• Collaborate with developers, DevSecOps, and other teams to conduct repetitive validation testing and ensure a continuous cycle of secure development.
• Stay updated on public-facing security issues, adopt new testing tactics, and actively participate in application projects and change management committees.
• Define and follow a security review process, utilizing dynamic and static code analysis resources.
• Document delivery advances meeting service-level agreements (SLAs) and business metrics.
• Align with architects and development teams for secure design, actively engaging in information security projects.
• Perform vulnerability and penetration testing, emphasizing automation for testing and remediation.

What you should have:

• 4+ years of cybersecurity experience with a deep background (preferably 5+ years) in application programming.
• Technical and analytical expertise, including threat modeling, vulnerability testing, and proficiency in software development (Java, Python, C++, Ruby, etc.).
• Solid understanding of network and web protocols, experience with intra-company and third-party APIs, and proficiency with dynamic and static analysis tools.
• Excellent communication of business risk from cybersecurity issues and a track record of integrity, excellence, curiosity, and adaptability.

What we hope you have:

• Experience with applications in AWS, Microsoft Azure, or GCP, and proficiency in cryptography controls.
• DevOps background in public and private clouds, scripting skills in Python, JavaScript, PowerShell, PHP, or Ruby.
• Familiarity with ISO 27001, NIST, PCI DSS, HIPAA, HITECH Act, SOX, GDPR, CIS standards, or SOC 2.
• Working knowledge of Windows, Linux, Unix, and state privacy laws.
• Highly trustworthy with leadership qualities.
• Bachelor’s degree in computer science, information assurance, MIS, or related field, or equivalent experience.
• Certifications preferences: SANS certifications (GWAPT), CISSP (preferred, or CSSLP), OSCP, and related certifications.

Why you’ll love working here:

• Podium is the best place to work to:
• Join the leaders in AI agents
• Unlock career-defining growth
• Build with world-class talent
• Make a real impact on local business

Benefits

• (If local to Utah) Work in this building in Lehi, UT 5 days a week
• Open and transparent culture 
• Life insurance, long and short-term disability coverage
• Paid maternity and paternity leave
• Fertility Benefits
• Generous vacation time, plus three 4-day summer holiday weekends
• Excellent medical, dental, and vision benefits
• 401k Plan
• Bi-annual swag drops with cool Podium gear and apparel 
• A stellar HQ (Utah) gym with local professional coaches and classes offered
• Onsite HQ (Utah) child care center, subsidized for employees

Podium is an equal opportunity employer. Podium provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, gender, national origin, sexual orientation, gender identity or expression, age, disability, genetic information, marital status or veteran status.