Senior Security Engineer - Threat Modeling

1 month ago
Full-time
Senior
Cybersecurity
Samsara

Samsara pioneers the Connected Operations Cloud, offering AI safety programs, real-time visibility, and integrations for industries to enhance efficiency, safety, and sustainability globally.

IT Services
1K-5K
Founded 2015

Description

  • Lead and own the ongoing operation and maintenance of Samsara’s threat modeling program, ensuring consistent execution of processes.
  • Detect and raise security risks found within the Samsara ecosystem and recommend prioritized next steps that balance risk and business needs.
  • Collaborate with engineering teams to track, support, and guide remediation of identified vulnerabilities and advise on security best practices.
  • Work with the Vulnerability Technical Program Manager to generate and distribute monthly and quarterly compliance and vulnerability reports.
  • Participate in security incident investigations related to high-profile vulnerabilities, gather data, and assess potential impact on Samsara infrastructure.
  • Contribute to documentation and process improvements to streamline risk management and threat modeling workflows.
  • Leverage automation and infrastructure-as-code practices to enhance security efficiency and reduce manual effort.
  • Be regularly on call to support incident response and other time-sensitive security needs.

Requirements

  • 6+ years of relevant experience with demonstrated impact in application or product security and threat modeling in an enterprise environment.
  • Deep familiarity with OWASP Top Ten, STRIDE (or equivalent such as PASTA or DREAD), and MITRE ATT&CK.
  • Experience defining and driving SDLC security adoption with business-focused engineering teams.
  • Experience managing Bug Bounty programs (e.g., Bugcrowd).
  • Strong familiarity with common security vulnerabilities and the ability to evaluate severity and business impact.
  • Experience coding with Python or Go.
  • Comfort leveraging automation and working with infrastructure-as-code.
  • Ability to be regularly on call and to collaborate across time zones (role requires regular overlap with UK and India teammates during US standard working hours).
  • Remote work eligibility: must reside in the US excluding the San Francisco Bay Metro Area, NYC Metro Area, and Washington, D.C. Metro Area.

Benefits

  • Annual base salary range: $157,675—$265,000 USD (base pay varies by location, skills, and experience).
  • Competitive total compensation package for full-time employees.
  • Employee-led remote and flexible working model.
  • Health benefits for full-time employees.
  • Opportunities for rapid career development within a high-growth environment.
  • Inclusive workplace with accommodations available for applicants and employees.
