About incident.io

incident.io is the leading all-in-one platform for incident management. From small bugs to major outages, incident.io helps teams respond fast, reduce downtime, and improve every time something goes wrong.

Since launching in 2021, we’ve helped 800 companies—including Netflix, Airbnb and Block—resolve over 250,000 incidents. Every month, more than 30,000 responders across Engineering, Product and Support use incident.io to fix things faster.

We’re a small team that cares deeply about pragmatism, quality, magic, and pace. We've raised $100M from Index Ventures, Insight Partners and Point Nine, alongside many angel investors who are founders and executives of world-class companies.

The Team

Our Engineers know the drill – they’ve been paged at 3am. They’re on a mission to transform those wee-hour wake-up calls into smoother, more manageable experiences for engineering teams everywhere. In fact, they’re some of our product’s biggest fans and users. What really sets them apart is their unwavering commitment to our customers.

We’re looking for our first Security Engineer with a passion for application security who thrives when embedded within product teams. You’ll work side-by-side with engineers, helping us design and build secure systems from the ground up – not just swooping in at the end to run a checklist. You’ll spot potential vulnerabilities before they reach production, coach engineers on secure coding practices, and help shape a culture where security is second nature.

As you’ll be the first Security Engineer, you’ll be collaborating heavily with the Infrastructure team as well to help us secure our infrastructure, CI/CD, and our internal tooling.

What you’ll be doing:

• Partnering with product teams to design and review features with security in mind from day one.

• Identifying and mitigating vulnerabilities through both white-box (code review, architecture analysis) and black-box (penetration testing, fuzzing) approaches, to name a couple.

• Proactively finding security flaws in our applications, APIs, and infrastructure – and helping teams remediate them quickly.

• Introducing pragmatic security tooling and automation to strengthen our defences without creating bottlenecks.

• Championing secure coding practices and raising security awareness across the engineering organisation.

• Collaborating on incident response and post-incident reviews when security issues arise.

What you need to be successful:

• A track record of finding and remediating application security vulnerabilities, ideally demonstrated through in-depth security research, penetration testing, or red teaming.

• Hands-on experience with white-box and black-box testing techniques and tools.

• Familiarity with secure software development in modern web applications (React, Go, TypeScript, Postgres, or similar stacks).

• Comfortable embedding within product teams and influencing design and implementation decisions.

• Experience with cloud security in Google Cloud Platform (GCP Security Command Center is a plus).

• A pragmatic approach – knowing where to focus for maximum risk reduction without slowing down delivery.

What we offer:

We’re building a place where great people can do their best work—and that means looking after you and your family with benefits that support health and personal growth.

• Market leading private medical insurance

• Generous parental leave

• First Friday of the month off

• Generous annual leave/PTO allowance

• Competitive salary and equity

• Remote working and personal development budget

• Enhanced pension/401k