Staff Security Engineer I

A Little About Us

EDB provides a data and AI platform that enables organizations to harness the full power of Postgres for transactional, analytical, and AI workloads across any cloud, anywhere. EDB empowers enterprises to control risk, manage costs and scale efficiently for a data and AI led world. Serving more than 1,500 customers globally and as the leading contributor to the vibrant and fast-growing PostgreSQL community, EDB supports major government organizations, financial services, media and information technology companies. EDB’s data-driven solutions enable customers to modernize legacy systems and break data silos while leveraging enterprise-grade open source technologies. EDB delivers the confidence of up to 99.999% high availability with mission critical capabilities built in such as security, compliance controls, and observability. For more information, visit

Job Summary

As a Staff Security Engineer at EDB, you will be a technical leader with a developer-centric background, responsible for designing and implementing security architectures that protect EDB's products, infrastructure, and customers. You will lead cross-functional application security initiatives, build automation and tooling that multiplies the impact of the entire InfoSec organization, drive vulnerability disclosure investigations, and ensure our security posture meets regulatory requirements. You will build deep trust with engineering teams by speaking their language, reviewing their code, and partnering with them to ship secure software.

This is a role designed for someone who wants to grow. As a member of a small, high-impact security team, you'll have the autonomy to shape security strategy and the runway to grow into a broader InfoSec leadership role over time. You'll champion security awareness through training and cross-functional collaboration, and deliver iterative security improvements — thinking big but acting small to move the organization forward incrementally.

This role is ideal for experienced engineers who thrive on solving complex technical challenges through code, want autonomy in shaping security strategy, and are passionate about building resilient defenses through collaboration and partnership. If you're ready to strengthen EDB's security foundations, we want to hear from you!

Responsibilities

• Lead cross-functional application security initiatives to identify, prioritize, and mitigate security risks across EDB's products.

• Write and review code to build security automation and tooling that serves the full InfoSec organization accelerating the team's ability to detect, respond, and remediate.

• Build & orchestrate security agents deploying AI-driven security tools using LLMs and orchestration frameworks (LangChain) to automate threat modeling, alert triaging, and code analysis.

• Partner with internal teams to implement security guardrails for internal AI applications, focusing on prompt injection mitigation, data leakage prevention, and secure architectures.

• Integrate AI tools into the SDLC to perform automated architectural risk assessments, security reviews, and identify vulnerabilities in generated code or toolsets.

• Design and integrate complex security architectures across cloud and on-premise environments, strengthening EDB's overall defense posture against advanced threats.

• Lead vulnerability disclosure investigations, coordinating with engineering teams to assess impact, validate findings, and drive timely remediation.

• Embed security into the software development lifecycle through secure design reviews, code review, threat modeling, and ongoing partnership with engineering and product teams. Build trust with development teams by meeting them where they are, respecting their workflows, and delivering clear guidance throughout implementation.

• Deliver security solutions as minimum valuable products, starting with the smallest solution that provides the needed value and iterating over time as capacity allows.

• Drive continuous improvement of security tooling, detection capabilities, and monitoring infrastructure.

Requirements

• A developer-centric background with demonstrated ability to write and review production-quality code in Python, Go, or a comparable language.

• Hands-on LLM engineering with proven experience working with LLM APIs (Anthropic Claude, OpenAI) and "AI-as-a-Service" kits to build functional internal tools or security automations.

• Deep understanding of the OWASP Top 10 for LLMs, including risks like prompt injection, insecure output handling, and training data poisoning.

• Ability to craft complex, multi-shot prompts and system instructions to ensure AI security agents provide high-fidelity, low-noise results.

• Proven experience leading cross-functional application security initiatives in complex, distributed environments.

• Demonstrated experience leading vulnerability disclosure investigations, including impact assessment, coordination with engineering teams, and driving remediation. (You don't need to be able to write novel exploits — you need to assess risk and drive fixes.)

• Proven ability to build trust with development teams: reviewing their code, engaging in their design discussions, and partnering as a peer rather than a gatekeeper.

• Strong communication skills with the ability to influence cross-functional stakeholders, translate technical security concerns into business risks, and negotiate priorities with partner teams to get security initiatives on shared roadmaps.

• An empathetic, collaborative approach to working with partner teams, respecting their processes and assuming the best while still driving accountability for security outcomes.

• Demonstrated ability to balance long-term security architecture initiatives with day-to-day operational security needs, delivering incremental value rather than waiting for large, all-at-once solutions.

• An AI-first approach to problem solving and security, leveraging AI tools and techniques to accelerate delivery, automate security workflows, and enhance decision-making.

• Interest in growing into a broader InfoSec role over time, taking on expanded scope and influence across the organization.

Good To Have

• Familiarity with AI Red Teaming or using LLMs to simulate adversarial attack paths.

• Experience with database security, particularly PostgreSQL or other relational database systems.

• Knowledge of the MITRE ATT&CK Framework, attack chains, and attack path mapping.

• Experience developing and delivering security awareness training programs at an organizational level.

• Experience writing and reviewing C.

• Contributions to open-source AI security projects or frameworks.

• Expertise in one or more compliance frameworks: SOC 2, PCI, HIPAA, FedRAMP (800-53), ISO 27001.

EDB is committed to supporting our employees' overall well being by offering a range of benefits and resources to promote a healthy work-life balance and wellness. We provide access to CuraLinc to aid employees in health and wellness tips and practices, as well as Wellness Fridays extending to December 2026! Check out our career site for more information on perks and benefits and reach out to our Talent Acquisition team for region specific benefits.

We know it takes a unique mix of people and skills to help us in our mission to supercharge Postgres, and we understand that not everyone will check every box. We’d love to hear from you and we want you to apply!

EDB is proud to be an equal opportunity workplace. We celebrate diversity and are committed to creating an inclusive environment for all employees. EDB was built on a commitment to trust and respect each other and to embrace an array of people and ideas. These values remain at the center of our culture and are key to our company’s integrity.

EDB does not seek or accept unsolicited resumes or CVs from recruitment agencies. EDB and its affiliates are not responsible for, and will not pay, any fees, commissions, or any other similar payment related to unsolicited resumes or CVs except as required in a written signed agreement between EDB and the recruitment agency or party requesting payment of a fee.

#LI-Remote