Senior Security Engineer
San Francisco, San Francisco County, California, 94199, USA
Listed on 2026-07-18
-
IT/Tech
Cybersecurity
About ngrok Inc.
ngrok is an all-in-one cloud networking platform that secures, transforms, and routes traffic to services running anywhere. Instead of cobbling together nginx, NLBs, VPNs, model routers, and oodles of other tools, developers solve every networking problem with one gateway. Doesn’t matter if they’re sharing localhost or running AI workloads in production.
We’re trusted by more than 9 million developers at companies like Git Hub, Okta, Hashi Corp, and Twilio. What started as a way to put your local app on a public URL has grown into a universal gateway for API delivery, AI inference, device fleets, and site-to-site connectivity. It’s the same ngrok that millions of developers have loved and leaned on every day for years, now with the power to run production traffic at scale.
Aboutthe Security Team
Security at ngrok is being built from the ground up, and this role is the foundation. ngrok sits at a uniquely sensitive position in the internet stack: traffic flows through us, and the developers and companies who rely on us trust us with that. As our first dedicated Security Engineer, you won’t be inheriting a sprawling program or a backlog of someone else’s decisions.
You’ll be defining how security works here — partnering closely with engineering, infrastructure, and leadership to build automated guardrails, opinionated defaults, and self-service tooling that scale with the team rather than slow it down. The threat landscape is shifting fast, and we want a security posture we’re proud to stand behind.
- Audit the current state of security tooling, pipeline coverage, cloud posture, and detection capabilities, and turn that into a prioritized security roadmap tied to ngrok’s business objectives
- Ship developer-facing security tooling: automated checks in CI/CD, secrets scanning, dependency vulnerability tracking, and secure-by-default libraries that make the right choice the easy choice
- Run a structured risk assessment across product and infrastructure to document what we know, what we don’t, and what needs to change
- Establish guardrails for how we use AI in our engineering pipeline — policies and tooling that let us move fast without introducing new risk classes
- Stand up baseline detection and response: log coverage, alerting, and a documented incident response process
- Own the security engineering program end-to-end over time — clear ownership, documented controls, meaningful metrics, and an internal security platform (reusable libraries, self-service tooling, automation) that reduces the security burden on every engineer
- You’ve worked in a security engineering role where you shipped tooling, built automation, or owned security infrastructure — not just reviewed it
- You have strong engineering fundamentals and are comfortable writing quality code in Go or Java, Rust, C, C++
- You know how to integrate security checks into CI/CD pipelines without slowing teams down
- You have hands‑on experience with cloud security, particularly AWS (IAM, VPC, Cloud Trail, Guard Duty)
- You understand AI/ML security risks like prompt injection, insecure code generation, and LLM‑assisted attack vectors
- Bonus Points:
- You’ve built internal security platforms or developer‑facing security tooling
- You’ve done detection engineering — writing detection rules, tuning signals, reducing alert fatigue
- You’ve secured networking or developer infrastructure products
ngrok runs entirely on AWS. Engineers develop by using remote development tools and/or ssh to connect to remote EC2 environments that run a full Kubernetes cluster of the ngrok stack, closely mirroring production. The codebase is primarily Go and Type Script. We use Postgres for persistence, Kafka for streaming, Protobuf for service boundaries, and Kubernetes, Terraform, Helm, and Buildkite to operate and ship reliably.
React is used for user interfaces, and Git Hub supports our development workflows and remembers everything.
This is a remote position for candidates outside of the Bay Area and a hybrid role for candidates within commuting distance to San Francisco. Our Bay Area employees commute to the office…
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).