Sentry is a leading application monitoring company that helps developers fix errors and performance issues. The Senior Security Engineer will work across application and platform security domains, owning security practices like reviews and vulnerability management while collaborating with product and engineering teams.
Responsibilities:
- Own and mature Sentry's security review program, from secure code review to architecture review and threat modeling. You will build processes, tooling, and culture that make security a natural part of how we ship and operate
- Influence mature vulnerability management practices: intake, triage, prioritization, remediation tracking, and management of our bug bounty and responsible disclosure program
- Champion secure-by-design principles. Partner with engineering and product teams to embed security early in the development lifecycle and integrate security tooling into developer and CI/CD workflows
- Validate and reproduce application and infrastructure security findings. This includes scanning, manual testing, and coordinating penetration testing and vulnerability validation across Sentry's application, SDKs, and cloud-based platform
- Evaluate and respond to emerging threats relevant to application security at Sentry. We build and operate a complex application and cloud environment, including the novel attack surface introduced by Sentry's agentic product features and AI-assisted engineering practices
Requirements:
- 5+ years of industry experience designing, building, and securing complex applications and large-scale distributed cloud systems
- Degree in Computer Science or a related field, equivalent training, or professional experience
- Direct experience with security reviews, SDLC practices, secure CI/CD, architecture reviews, threat modeling, vulnerability management, bug bounty and responsible disclosure programs
- Experienced and comfortable programming in at least one language; must be comfortable reviewing Python, TypeScript, Go, and Rust applications
- Familiarity with using distributed cloud technology (AWS, GCP, Azure, Kubernetes, Docker, Terraform, etc.) and securing those technologies (cloud networking, IAM, etc.)
- A collaborative approach to problem solving paired with strong written and verbal communication