About the Role

Fivetran is building data pipelines to power the modern data stack for thousands of companies.

We’re looking for a Staff Platform Security Engineer to enhance the security of our cloud-native and hybrid infrastructure. This individual contributor (IC) role is hands-on and execution-focused, requiring expertise in application security, cloud security, and DevSecOps. You will work closely with engineering teams to integrate security into the development lifecycle, automate security processes, and ensure resilience against emerging threats.

This is a full-time position based out of our Denver, CO office. Our hybrid work model offers a blend of remote flexibility and in-person collaboration, including two days in the office each week to connect and build as a team

What You’ll Do

• Collaborate with engineering teams to integrate and manage security tooling within the SDLC, strategically automating security checks and feedback loops to enhance efficiency and security posture

• Perform vulnerability scanning and participate in penetration testing exercises, automating scanning processes judiciously to identify common weaknesses, while reserving manual efforts for complex and nuanced assessments. Report findings and assist with remediation efforts.

• Develop and maintain automation scripts and infrastructure-as-code for security checks related to machine configurations, container images, IAM policies, firewall rules, and cloud storage policies.

• Implement and configure security controls within enterprise applications based on security best practices and architectural guidance.

• Contribute to threat modeling efforts by providing technical insights and implementing identified security controls.

• Work directly with engineering teams to troubleshoot and resolve security challenges across the stack while promoting a security-first mindset, identifying and automating recurring troubleshooting steps or remediation processes where it significantly improves response times and reduces manual intervention.

• Implement and operationalize security solutions for cloud-native and hybrid infrastructure based on architectural guidelines.

• Collaborate with infrastructure and cloud security teams to implement and maintain security controls across the entire technology stack, strategically prioritizing automation for consistent enforcement, monitoring, and alerting to improve overall security and reduce manual overhead.

• Implement and manage security assessment tools, including vulnerability scanners, SIEM agents, DLP endpoints, and EDR sensors.

• Participate in security assessment reviews by providing practical implementation feedback and identifying potential operational challenges.

• Develop and maintain scripts and tools to automate security monitoring and alerting.

• Stay up to date with cybersecurity threats and trends, applying this knowledge to improve implemented security controls and operational processes.

Skills We’re Looking For

• Application Security Expertise: Deep expertise in identifying and mitigating security vulnerabilities within applications (e.g., OWASP Top 10), particularly in Java codebases.

• Secure SDLC: Extensive experience integrating security into the software development lifecycle, from design and code review to testing and deployment.

• Java Proficiency: Senior-level experience with Java codebases: building, running, profiling, and optimizing Java applications in secure environments.

• Container Security: Strong experience with Docker image creation, optimization, and vulnerability mitigation, specifically for applications.

• CI/CD & Automation: Proficiency with CI/CD tools (e.g., Jenkins, GitLab CI, GitHub Actions) and experience integrating security tools into automated pipelines.

• Tooling Familiarity: Familiarity with a range of security tools for CI/CD security, static analysis (SAST), dynamic analysis (DAST), dependency analysis (SCA), and secrets management.

• Adversarial AI & Defense: Familiarity with modern attack techniques, offensive security methodologies, and defense strategies, including OWASP Top 10 for LLMs (e.g., Prompt Injection, Data Poisoning, and Model Inversion).

• Scripting: Proficiency in scripting or programming languages (e.g., Bash, Python, Go) to automate security processes and tool integration.

• Problem-Solving: Excellent problem-solving and troubleshooting skills, with the ability to work independently in fast-paced environments.

• Communication: Strong communication skills with the ability to effectively collaborate with and educate engineering teams on security principles and best practices.

• Curiosity & Urgency: Demonstrates strong curiosity, a sense of urgency, and a hands-on approach to diving deep into complex technical problems to drive timely and effective solutions.

#LI-HYBRID #LI-AM1