This job has expired
This position was posted on September 24, 2025 and is likely no longer accepting applications. We've kept it here for historical reference.

Job Overview
- Location: Remote
- Job Type: Full-time
- Category: Software Engineering
- Date Posted: September 24, 2025
Full Job Description
📋 Description
- Own the end-to-end security posture for a global platform that hosts 25 million couples and 4 million vendors across 16 countries, ensuring every celebration—from engagements to anniversaries—happens on infrastructure that is bullet-proof and privacy-first.
- Architect, deploy, and continuously improve cloud-native security controls across AWS, GCP, and Azure, leveraging Infrastructure-as-Code (Terraform, CloudFormation) to codify guardrails that scale with 3 billion annual page views and 50 TB of new media uploads every month.
- Lead threat-modeling workshops with product, engineering, and data science teams to surface and prioritize risks in new features such as AI-driven vendor matching, real-time RSVP analytics, and blockchain-based gift registries, translating complex technical findings into clear, actionable roadmaps.
- Instrument and tune our SIEM/SOAR stack (Splunk, Panther, Tines) to reduce mean-time-to-detect (MTTD) from minutes to seconds and mean-time-to-respond (MTTR) from hours to minutes, while driving false-positive rates below 2% through advanced correlation rules and behavioral analytics.
- Perform deep-dive penetration tests and red-team exercises against microservices, mobile apps (iOS/Android), and third-party integrations (Stripe, Twilio, SendGrid), documenting exploitable vulnerabilities and partnering with engineering squads to ship fixes within SLA windows.
- Design and maintain a zero-trust identity framework that secures 1,200+ employees, 2,000+ CI/CD pipelines, and 500+ SaaS tools via SSO, MFA, conditional access, and just-in-time privilege elevation—eliminating standing admin rights and shrinking blast radius.
- Champion secure-by-default coding practices by building reusable libraries, pre-commit hooks, and IDE plug-ins that block secrets, enforce least privilege, and auto-remediate OWASP Top 10 issues before code ever reaches production.
- Build and present monthly security scorecards to the C-suite and Board of Directors, translating technical KPIs (patch latency, vuln density, phishing-resilience) into business-impact narratives that influence budget, staffing, and strategic direction.
- Mentor a distributed team of 6 junior security engineers through pair-programming, lunch-and-learns, and formal career-development plans, fostering a culture where curiosity, psychological safety, and continuous learning are non-negotiable.
- Collaborate with Legal, Privacy, and Compliance teams to map controls against GDPR, CCPA, SOC 2, ISO 27001, and PCI-DSS, owning evidence collection, audit walkthroughs, and remediation tracking to maintain zero-finding certifications.
- Automate compliance drift detection using Policy-as-Code (OPA, HashiCorp Sentinel) and continuous compliance dashboards, reducing manual audit prep from weeks to hours and freeing the team for higher-order security engineering work.
- Serve as the on-call incident commander during critical security events, orchestrating cross-functional war-room response, executive communications, and post-mortems that feed directly back into architectural improvements and tabletop exercises.
- Influence the broader security community by publishing CVEs, presenting at conferences (BSides, RSA, DEF CON), and contributing to open-source projects under the TKWW GitHub org, amplifying our employer brand and attracting top-tier talent.
- Experiment with emerging tech—confidential computing, homomorphic encryption, SBOM generation—to future-proof our stack against quantum threats and supply-chain attacks, turning cutting-edge research into production-ready safeguards.
🎯 Requirements
- 5+ years of hands-on security engineering experience in cloud-native environments (AWS preferred) with deep expertise in IAM, container security, and serverless architectures.
- Proficiency in at least one modern programming language (Python, Go, or TypeScript) and comfort writing Infrastructure-as-Code (Terraform, CloudFormation, or Pulumi).
- Demonstrated success leading incident response for high-severity security events, including root-cause analysis, executive reporting, and long-term remediation.
- Nice-to-have: current CISSP, AWS Security Specialty, or OSCP certification; contributions to open-source security projects; experience with privacy-enhancing technologies or ML model security.
🏖️ Benefits
- Fully remote-first culture with quarterly in-person summits in destinations like Lisbon, Austin, or Bali, plus a $1,500 annual travel stipend to visit teammates anywhere in the world.
- 20 weeks of fully paid parental leave for all genders, plus flexible return-to-work ramps and on-site or virtual childcare stipends.
- Annual $3,000 professional-development budget for conferences, certifications, and courses, plus 10% time every Friday for self-directed learning and experimentation.
- Equity in a profitable, fast-growing company that has tripled revenue in the last four years and is on track for an IPO within the next 24–36 months.
About The Knot Worldwide Inc.
The Knot Worldwide Inc. operates digital wedding-planning brands including The Knot, WeddingWire, Bodas.net, and Matrimonio.com. Founded in 2019 from the merger of XO Group and WeddingWire, the company provides registry, vendor marketplace, and planning tools to couples and suppliers worldwide while generating revenue through advertising, subscriptions, and commissions.