Senior Security Engineer
Location: Menlo Park, California, United States
Department: Compliance, Security, and IT
About Moloco:
Moloco builds some of the most powerful AI advertising solutions in the world. Our name—short for "machine learning company"—reflects our core mission: democratizing access to the advanced AI that has historically been reserved for tech giants.
The Impact You’ll Be Contributing to Moloco:
We are seeking a Senior Security Engineer to strengthen the security posture of our cloud infrastructure and applications. This role is critical to proactively identifying and reducing risk, automating security controls, and ensuring Moloco’s platforms remain secure, resilient, and compliant as the business scales.
The Opportunity:
As a Senior Security Engineer, you will partner closely with DevOps, platform, and application teams to embed security into day-to-day engineering workflows.
- Integrated Security: Embeds automated security testing (SAST/DAST) into CI/CD pipelines.
- Secure Infrastructure: Implements safeguards across infrastructure-as-code, containers, and cloud environments.
- Threat Management: Automates vulnerability scans and real-time threat responses.
- Compliance: Ensures adherence to standards like SOC 2 or GDPR.
- Efficiency: Automates manual security tasks.
- Resilience: Builds robust defenses against evolving threats.
Minimum Requirements:
- 5+ years of experience as a Security Engineer or in a similar role with a strong foundation in CI/CD, automation, and cloud infrastructure
- Strong understanding of cloud security principles (AWS, GCP, or Azure)
- Experience securing CI/CD pipelines (e.g., GitHub Actions, GitLab CI, Jenkins, Harness)
- Familiarity with infrastructure-as-code and related security tools
- Proficiency in scripting languages (Python, Bash, etc)
- Hands-on experience with container security (e.g., Docker image scanning, Kubernetes best practices)
- Knowledge of IAM, secrets management, and secure key handling
- Experience with vulnerability scanning, remediation workflows, and risk prioritization.
- Ability to identify and mitigate misconfigurations in cloud and IaC environments
- Comfortable collaborating with DevOps, platform, and application teams
Preferred Qualifications:
- Familiarity with compliance frameworks (SOC 2, ISO 27001, NIST, etc.)
- Experience with security monitoring and incident response processes
- Exposure to SIEM or EDR tools (e.g., Splunk, CrowdStrike, Google SecOps)
- Experience with SAST/DAST and dependency scanning tools
- Familiarity with zero-trust networking concepts
- Knowledge of threat modeling and risk assessment practices
Compensation and Benefits:
Base Pay Range: $172,000—$228,000 USD
