Senior Security Engineer

Senior Security Engineer

Seeking a development & cloud focused Senior Security Engineer to join our expanding security team. The ideal candidate will have passion for AppSec, Cloud and AI. They will be a skilled communicator and relationship builder capable of promoting and building security practices across the organization and into our development processes.

AI is reshaping practices across the board and at Karbon we're fully committed. We don't see AI as a replacement but as a force multiplier. We're looking for Security Engineers who are confident in network & security fundamentals, driven to grow, and excited by the challenges and opportunities AI brings.

What You'll Own:

• Partner with different areas within Karbon - You will make sure security is embedded from the start from feature design and development to participating in design reviews and threat modelling.
• Balance Security and Delivery - You know how to balance delivery needs with security and can communicate security risks and issues to non technical stakeholders. You understand when it's important to push back, when to compromise and how to work with delivery teams to reach a great outcome.
• You keep up to date on the latest technologies and approaches - You are excited by the new developments such as AI bring to security but also understand the importance of security foundational practices such as good account hygiene, least privilege, attack surface reduction and MFA.
• Identify and assess security risks introduced by AI tools - You'll assist with reviewing the risks of AI tooling usage & Integration and AI-generated code.
• Apply AI-assisted tooling to accelerate security work - you understand the impact AI can have and utilize it across many areas including triage, threat detection, code review, and documentation.
• Flexibility and confidence to work across multiple security domains - We're a small team responsible for Security at a fast moving company and you'll get exposure to many different security domains; you could be assisting with refining and investigating corporate IT security processes in the morning, reviewing a cloud hosted system after lunch and then tweaking detection rules!
• Work effectively as part of a team - Security is a team sport and you understand the need to build relationships and trust across the organization to enhance Karbon's security posture. You are happy to answer questions and offer advice to teams that will reach out for your assistance.
• Own your work - You take pride in your work, feeling a deep sense of responsibility for the products we develop and ensuring we keep our customers' valuable data secure. This sense of ownership is paramount, and you share this commitment.
• Bring your passion and personality - Your creativity, curiosity, and authentic self make the team stronger. If you've worked in highly political environments, you'll find our culture, free from office politics and valuing openness and authenticity, a refreshing change.
• Help us measure improvement and steer our roadmap - Contribute to Security Metrics so we can track progress and feedback into our roadmap.

What Sets You Apart:

• 4+ years experience in a security or development role across most of the following:
• Collaborating with teams to review designs & implementations for security issues and embedding good security practices across software development
• Triaging issues and reports, assisting teams to remedy items and testing fixes
• Working with external penetration test companies to validate and prioritize findings
• Conducting risk and vulnerability assessments of web applications and APIs and third party suppliers and integrations
• Configuring and tuning SAST, SCA and DAST Tooling
• Working with build/deployment pipelines to incorporate security tooling (Github Actions or Azure Devops YAML based pipelines)
• Assisting with implementing security focused alerting and detections and automations
• Conducting and facilitating organizational & developer focused security training
• Assisting with operational security items such as EDR alerts and MDM
• Contributing to our security roadmap

• In addition you'll need:
• Strong communication skills (spoken and written)
• Some of the following Languages/Frameworks: Microsoft.NET/C#, JavaScript (we use React and EmberJS frameworks and, Python)
• At least one cloud platform: Azure, AWS or GCP (we use Azure predominantly)
• Working knowledge of PowerShell or Bash and Python
• Working knowledge of at least one AI development tool e.g. Claude Code, GitHub Co-Pilot etc
• Portswigger Burp or similar
• Certifications such as Offsec OSCP & AWAE, GIAC, Burp Practitioner, PJPT, Microsoft/AWS development and cloud related are nice to have
• Experience with securing AI applications, systems and AI tooling would be highly regarded

Why Work at Karbon?

• Gain global experience across Australia, New Zealand, UK, and Canada
• Strong benefits package including:
• Flexible Time Off with an encouraged 4 weeks use per year
• Company paid medical for you and eligible spouse/partner and dependents
• Paid dental and vision and eligible spouse/partner and dependents
• 401(k) with company matching
• Flexible Spending Account
• Up to 8 weeks paid parental leave
• Work-from-home stipend
• Work with (and learn from) an experienced, high-performing team
• A collaborative, team-oriented culture that embraces diversity, invests in development and provides consistent feedback
• Be part of a fast-growing company that firmly believes in promoting high performers from within

As we hire across various locations within the USA we are required by law to include a reasonable estimate of the compensation range for this role. The range provided is broad and takes into consideration a wide range of factors that are reviewed when making a hiring decision, such as physical location/cost of living in that location, years of experience, skills, and other business needs. It is not typical for a candidate to be hired at or near the top of the pay range and each compensation decision is dependent on each individual case. The base salary is one component of the total compensation package, which for some roles may include a target bonus, for some roles very competitive equity grant, and very generous benefits. While we believe competitive compensation is a critical aspect of you deciding to join us, we do hope you also spend time considering why our mission, purpose and values are right for you. We are creating something transformational here, and we hope you are as excited about the future as we are!

The estimated base salary range for this role is:

$131,000 - $169,000 USD

Karbon embraces diversity and inclusion, aligning with our values as a business. Research has shown that women and underrepresented groups are less likely to apply to jobs unless they meet every single criteria. If you've made it this far in the job description but your past experience doesn't perfectly align, we do encourage you to still apply. You could still be the right person for the role!

We recruit and reward people based on capability and performance. We don't discriminate based on race, gender, sexual orientation, gender identity or expression, lifestyle, age, educational background, national origin, religion, physical or cognitive ability, and other diversity dimensions that may hinder inclusion in the organization.

Generally, if you are a good person, we want to talk to you.

If there are any adjustments or accommodations that we can make to assist you during the recruitment process, and your journey at Karbon, contact us at View email address on click.appcast.io for a confidential discussion.

At this time, we request that agency referrals are not submitted for this position. We appreciate your understanding and encourage direct applications from interested candidates. Thank you!