Staff Security Engineer, Prod Sec

About Kandji

Kandji is the Apple device management and security platform that empowers secure and productive global work. With Kandji, Apple devices transform themselves into enterprise-ready endpoints, with all the right apps, settings, and security systems in place. Through advanced automation and thoughtful experiences, we’re bringing much-needed harmony to the way IT, InfoSec, and Apple device users work today and tomorrow.

Some of the smartest money in tech has partnered with Kandji to realize our vision, including Tiger Global, Felicis, Greycroft, First Round Capital, and Okta Ventures. In July 2024, Kandji raised $100 million in capital from General Catalyst, bringing Kandji’s valuation to $850 Million.

Since Kandji’s Series C in 2021, the company has seen a 600%+ increase in annual recurring revenue, and its customer base has grown nearly 4X across 40+ industries. Notable customers include Allbirds, Canva, and Notion, and the company has partnerships with such industry giants as ServiceNow, AWS, and Okta.

Kandji was also named to Forbes’ Next Billion Dollar Startup List 2023 and recognized as a top venture-backed startup with the potential to reach unicorn status.

The Opportunity

This role requires a deep understanding of Cybersecurity principles, application security, DevSecOps, incident response, cloud security, offensive security, and proactive threat detection. Kandji is seeking someone with a proven track record of managing security risks, driving security initiatives, and collaborating across product and engineering teams. This role reports directly to the Head of Infosec.

• Collaborate with Product, Engineering, and DevOps to embed security into our API and platform development lifecycle.
• Perform threat modeling and security reviews to spot risks early and keep our products secure
• Identify, triage, and remediate security vulnerabilities in our codebase, infrastructure, and third-party dependencies
• Support and manage our bug bounty program, coordinating triage and resolution.
• Build and tweak automation tools for security testing and monitoring (e.g., static/dynamic analysis, secrets detection, dependency scanning)
• Participate in security incident response efforts, including investigation, containment, and post-mortem analysis, to ensure rapid resolution and continuous improvement
• Harden our cloud systems (AWS, Terraform, Snowflake) and products to meet industry standards and protect against evolving threats
• Partner with cross-functional teams to make security seamless without slowing us down
• Promote a security-first mindset by providing guidance, training, and documentation to team members on secure coding practices and emerging threats
• Assist with compliance audits and assessments as necessary (e.g., SOC 2, ISO 27001, etc.)
• Conduct security research and contribute to the development of new security tools and techniques.
• Take ownership of security initiatives from design to implementation and measurable outcomes
• Define and track metrics to assess product security health and incident response effectiveness
• Contribute to security policies, coding standards, and risk management frameworks
• Mentor engineers and foster secure-by-default practices across the organization

• 6-8 years of experience in product security and DevSecOps-focused roles
• Proficiency in at least one programming language (e.g., Go, Python, etc.) and the ability to review and write secure code
• Experience with API security (e.g., OAuth, JWT, WAF, rate limiting)
• Knowledge of LLM based attack vectors and mitigation strategies
• Experience with cloud security (e.g., AWS) including DevSecOps and embedding security in the CI/CD pipeline
• A strong understanding of how to secure containerized environments (e.g., Kubernetes, Docker)
• Familiarity with security tools such as static code analyzers, vulnerability scanners, and penetration testing frameworks
• Knowledge of common security vulnerabilities (e.g., OWASP Top 10) and mitigation strategies
• Analytical, curious, and solutions-oriented—especially under pressure
• Strong communicator who thrives in cross-functional teams

• Bachelor's degree in Information Technology or a related field
• Security related certifications such as CISSP, GIAC, OSCP, CRTO, K8s is a plus
• Experience working on security products, preventing cross-contamination
• Experience in securing and monitoring APIs
• Business acumen to be able to balance tradeoffs between stakeholders and technology feasibility and budget constraints

Benefits & Perks

 • Competitive salary

 • 100% individual and dependent medical + dental + vision coverage

 • 401(k) with a 4% company match

 • 20 days PTO

 • Kandji Wellness Week the first week in July

 • Equity for full-time employees

 • Up to 16 weeks of paid leave for new parents

 • Paid Family and Medical Leave

 • Modern Health - Mental Health Benefits - Individual and Dependents

• Fertility Benefits

 • Working Advantage Employee Discounts

 • Free onsite fitness center

 • Free parking

 • Lunch 5 days/week

 • Exciting opportunities for career growth

 • An outstanding, inclusive culture

We are excited to be serving a significant need for a fast-growing market, and are proud of the high-performing team we have brought together so far. If you’re someone who wants to engage in new, exciting projects that will challenge your skills in the best way possible, we would love to connect with you.

At Kandji we believe in fostering an inclusive environment in which employees feel encouraged to share their unique perspectives, leverage their strengths, and act authentically. We know that diverse teams are strong teams, and welcome those from all backgrounds and varying experiences.

Kandji is proud to be an equal opportunity employer committed to diversity and inclusion in the workplace. Qualified applicants will be considered for employment without regard to race, color, religion, national origin, age, sex, sexual orientation, gender identity, physical or mental disability, protected veteran or military status or any other status protected by applicable law.