Lead Security Engineer

Company Description

Swiftly is on a mission to help cities move more efficiently. We are the leading transit data platform for agencies to share real‑time passenger information, manage day‑to‑day operations, and improve service performance. Today, over 180 transit agencies in 12 countries – including LA Metro, MARTA, SEPTA, and MBTA – rely on Swiftly to improve on‑time performance by up to 40% and increase passenger information accuracy by up to 50%.

The result is better service reliability, increased ridership, and more efficient transit operations.

Even though Swiftly's HQ office is located in San Francisco, CA, we are open to candidates in most locations across the U.S. as well as Ontario and British Columbia, Canada. At this time we are unable to provide Visa sponsorship.

Engineering at Swiftly is not only about writing code – we believe in creating empowered product teams that work together to conceptualize new features and bring them to life. Each team aims to strike a balance between delivering incremental improvements, creating prototypes to test new ideas and mitigate risks, and building scalable software using industry best practices. We’re guided by a mission to positively impact transit riders, and we embrace humility and intentionality in how we make technical decisions so that we best meet our customers’ needs.

We're looking for a Lead Security Engineer to join our Platform team and mature Swiftly's security posture. We believe excellent security isn't just about tools and controls; it's about empowering product, infrastructure, and corporate IT teams across our organization to make secure decisions every day. In this role, you'll partner closely with engineering, product, and go‑to‑market teams to design secure solutions, build Dev Sec Ops  tooling, and drive our compliance roadmap.

You'll balance strategic initiatives with hands‑on work in our cloud‑native environment. We’re looking for someone equally comfortable working on codebases and leading cross‑functional initiatives, a force multiplier who can train teams, represent security to customers and executives, and make security a natural part of how Swiftly ships products.

We use AI tools for scheduling and summarization in our hiring process. We do not use AI tools to make decisions about who moves forward or to assess the strength of candidates. Every application is reviewed and all hiring decisions are made by Swiftly team members. This is an active, open role that we are currently hiring for at Swiftly.

• Own Swiftly's security risk register and threat models; identify, prioritize, and drive remediation of risks across application and infrastructure.
• Design secure architectures for our SaaS platform, mobile applications, and IOT/Hardware Integration, focusing on authentication, authorization, data protection, and network boundaries.
• Recommend, implement, and manage security tools end‑to‑end.
• Build Dev Sec Ops  guardrails into CI/CD so vulnerabilities, misconfigurations, and license issues surface early.
• Conduct internal security assessments and coordinate engagements with external penetration testers.
• Own security policies and standards; ensure they're practical, adopted, and measurable.
• Define standards for secure adoption of AI coding assistants, building reusable patterns, custom configurations, and guardrails that help developers move fast safely.

• Lead renewals and continuous readiness for existing certifications like SOC 2.
• Proactively identify security frameworks required for international expansion; scope cost, level of effort, and timelines to inform market entry decisions; and lead execution of new certifications.
• Respond to customer security and compliance inquiries and support product marketing with security content.

• Design and maintain security incident response plans, playbooks, and escalation paths.
• Serve as an escalation point for security incidents; lead triage, root cause analysis, and remediation.

• Define and maintain security KPIs and dashboards for executive and board…