Key skills
AIAWSGCPCI/CD
About this role
LiveKit is building the infrastructure layer for the voice-driven era of computing, powering voice AI applications for major companies. They are seeking a Staff Security Engineer who will own security across the stack, proactively identify risks, lead secure code reviews, and collaborate with engineers to design secure systems.
Responsibilities:
- Own security across the stack—applications, services, infrastructure, and developer workflows
- Proactively identify, assess, and mitigate risks in both infrastructure and application codebases
- Lead secure code reviews, architecture discussions, and threat modeling sessions
- Build tooling and automations that help prevent security issues before they reach production
- Harden authentication and access control across internal and external surfaces
- Partner closely with engineers across teams to design secure-by-default APIs, workflows, and deployments
- Investigate vulnerabilities, respond to security incidents, and manage disclosure processes when needed
- Stay current with security research, tooling, and threats—then put that knowledge into action
Requirements:
- 6+ years of experience as a software engineer with an interest in security engineering
- You've led or heavily contributed to security engineering efforts across applications, infrastructure, or both
- You can analyze systems for weaknesses—whether they're in business logic, configuration, or code
- You're experienced with threat modeling, secure coding practices, and vulnerability management
- You've worked with CI/CD systems, cloud platforms (AWS, GCP, etc.), and containerized environments
- You can translate security concerns into engineering action without being the 'no' person
- You're an excellent communicator and collaborator who can document and evangelize best practices
- You've responded to real-world security incidents, led postmortems, or driven remediation efforts
- Experience with security reviews of WebRTC, media pipelines, or real-time systems
- Contributions to open-source security tooling or research
- Hands-on experience with static and dynamic analysis tools, fuzzing, or sandboxing
- You've built (or tried to build) something with LiveKit (we always love that!)