openashbyhqtidemarkcap
Senior Security Engineer, Vulnerability Automation
Jane App
LocationCanada
WorkplaceRemote
EmploymentFullTime
Posted2026-06-04T15:37:17.201+00:00
Last observed2026-06-13 05:24:41.455109
Job idtidemarkcap-jane-app:ashbyhq:0953b50c-f84b-40bb-95ca-ad3fe5bcf37b
ABOUT THE ROLE Hi, I'm Dave. I lead Security Engineering at Jane - a team of ten spanning AppSec, Cloud Security, Enterprise Security, Red Team, and Enablement, working to protect the health information of hundreds of thousands of patients and the practitioners who care for them. We earn influence through relationships, not authority. Our goal is to make it easy for dev teams to do the right thing, and that has a concrete expression. We're close to a vision where a developer receives a draft, tested PR when a vulnerability is identified in their codebase. We only ship validated true positives to their queues. The investigation, false positive filtering, and applicability assessment are our job, not theirs. We've already built the foundation. You'll be maturing that platform, not starting from scratch. This role sits at the engineering heart of that work, building and iterating on the pipeline that connects threat intelligence, AppSec findings, and Red Team outputs into automated protections and actionable remediation for dev teams. We're a team that experiments with AI constantly and shares what we learn. If that's how you already work, you'll feel right at home here. If you lead with curiosity, earn trust before you expect buy-in, and get energy from building things that make other engineers' lives simpler, I'd love to talk. WHAT IMPACT WE'RE LOOKING FOR YOU TO MAKE - Design, build, and own the vulnerability engineering pipeline - from threat intelligence ingestion through automated PR generation - establishing the technical architecture and standards that the rest of the team builds on as the platform matures. - Raise the team's bar for building with AI by experimenting openly, sharing what works and what doesn't, and helping every member of the security team elevate how they work with AI-powered tooling. - Partner deeply with dev teams across Jane to make security feel like a service, not a burden - doing the investigative work upfront, shipping only validated true positives, and following up on SLA gaps in ways that keep relationships strong. - Coordinate complex, multi-team vulnerability findings by owning the communication, tracking resolution progress, and keeping things moving without needing to escalate every sticking point. - Contribute to the team's on-call rotation, building and improving runbooks and post-incident reviews that make every response faster and sharper than the last. WHAT EXPERIENCE WE NEED - Demonstrated depth in security engineering, including shipped automation, pipelines, or internal security tooling that other teams actually used - with enough experience across the vulnerability lifecycle to know where the friction points are and how to engineer around them. Hands-on experience with Python and CI/CD security integrations, particularly GitHub Actions, is a strong signal. - A builder's mentality about AI - you experiment, you stay current, and you're energized by building smarter ways to solve problems. Active engagement with AI-assisted workflows and tooling is central to how this team operates and grows. - Applied knowledge of web and API vulnerability classes - including how common attack vectors translate to real risk and how to provide remediation guidance tailored to the specific issue and team receiving it, rather than generic output from a scanner report. Familiarity with SAST, SCA, secret detection, DAST, and ASPM tooling is important; experience with mobile application vulnerabilities is a bonus. - A track record of cross-team influence without authority - knowing how to read a room, adapt communication to your audience, and build the kind of credibility that makes engineers come to you proactively. Emotional intelligence is as important to us as technical skill, and it's a core part of how this team operates. - A track record as a force multiplier - you've set technical direction that others have followed, mentored engineers at various levels, and shared your knowledge freely enough that
This page is generated from the committed OpenOpps static snapshot. Use the source posting or apply link for the employer's current canonical posting state.