Lead Security Engineer

Swiftly, Inc. is on a mission to help cities move more efficiently through their leading transit data platform. They are seeking a Lead Security Engineer to enhance security measures and empower teams across the organization to make secure decisions, while also handling compliance and incident response responsibilities.

Responsibilities

• Own Swiftly's security risk register and threat models; identify, prioritize, and drive remediation of risks across application and infrastructure
• Design secure architectures for our SaaS platform, mobile applications, and IOT/Hardware Integration, focusing on authentication, authorization, data protection, and network boundaries
• Recommend, implement, and manage security tools end-to-end
• Build DevSecOps guardrails into CI/CD so vulnerabilities, misconfigurations, and license issues surface early
• Conduct internal security assessments and coordinate engagements with external penetration testers
• Own security policies and standards; ensure they're practical, adopted, and measurable
• Define standards for secure adoption of AI coding assistants, building reusable patterns, custom configurations, and guardrails that help developers move fast safely
• Lead renewals and continuous readiness for existing certifications like SOC 2
• Proactively identify security frameworks required for international expansion; scope cost, level of effort, and timelines to inform market entry decisions; and lead execution of new certifications
• Respond to customer security and compliance inquiries and support product marketing with security content
• Design and maintain security incident response plans, playbooks, and escalation paths
• Serve as an escalation point for security incidents; lead triage, root cause analysis, and remediation
• Define and maintain security KPIs and dashboards for executive and board reporting
• Give teams visibility into their security posture and coach them to improve
• Influence roadmap prioritization to ensure security and compliance are first-class concerns
• Mentor engineers in secure design and help grow a security-aware culture across Swiftly by delivering security training and office hours for developers and other stakeholders
• Drive corporate IT security strategy, including endpoint hardening, email security, IAM standards, and periodic access reviews

Skills

• 5+ years of experience in security engineering with both strategic and hands-on work
• Strong experience securing cloud-native environments (AWS preferred), including IAM, networking, logging/monitoring, and secrets management
• Hands-on experience with infrastructure-as-code (Terraform) and policy-as-code frameworks (OPA, Sentinel, or similar)
• Background building security into CI/CD pipelines and development workflows
• Familiarity with container and orchestration security
• Excellent threat modeling and risk assessment skills; able to translate complex risks into clear options and tradeoffs
• Experience with compliance frameworks (SOC 2 preferred) and audit processes
• Strong communication skills; comfortable working across technical and non-technical teams
• Self-directed and comfortable operating with autonomy
• Relevant certifications (CISSP, cloud security certifications)
• Experience advising on security for AI/ML or LLM-powered features
• Mobile application security experience (Android preferred)
• Experience with GRC and compliance platforms
• Background in application security or penetration testing
• Experience with international compliance frameworks
• Familiarity with regulated industries or public sector requirements
• Experience with physical device security (IoT, embedded systems, or field-deployed hardware)
• Experience with Mobile Device Management (MDM) solutions for enterprise or fleet deployments

Benefits

• Competitive salary
• Equity compensation (company ownership) for every employee
• Medical, Dental and Vision
• Retirement with Employer Match
• Flexible Spending Account (FSA)
• Home office setup reimbursement
• Monthly cell/internet reimbursement
• Monthly "Be Well" stipend
• Flexible PTO with a recommended minimum
• Flexible work environment
• 16 paid holidays - including months without US national holidays
• 8 fully paid weeks of leave for child birth/adoption

Company Overview

• Swiftly is the leading transit data platform for agencies to share real-time passenger information, manage day-to-day operations, and improve service performance. It was founded in 2014, and is headquartered in San Francisco, California, USA, with a workforce of 51-200 employees. Its website is http://goswift.ly.