Discord

Staff Software Engineer, Platform Security

SF, CA, US

Remote
Full-time
$248k–$279k/year
3 months ago

Summary

Discord is about empowering people to find belonging. Trusted by millions to keep their communications out of the hands of evildoers, we depend on security and privacy for success. Our Platform Security Engineering team protects the people who create Discord and the systems they use to do it, making the "secure way" the "easy way."

We are looking for a Staff Security Engineer, reporting to the Platform Security Engineering Manager, to advance this mission through security expertise, software development, and operational excellence. You'll articulate and pursue the most leveraged opportunities to reduce security risk across Engineering, bridging organizational boundaries to create secure and lovable "paved paths" for managing identities and access, shipping code, configuring cloud infrastructure, and operating services.

If you are a security engineer with a passion for security and privacy, deep curiosity, eagerness to own technically and socially complex projects, and a strong desire to improve Discord, read on!

What you'll do

* Guide strategy and lead software engineering projects on a small, highly-autonomous, horizontally-integrated security team with a lot of leverage. This is a code-forward role!
* Consult on risk assessments, architectural designs, threat models, code reviews, and more, pragmatically balancing security with other business considerations.
* Develop and apply best-in-class secure baselines for cloud and bare-metal resources.
* Secure our software supply chain, from a developer's laptop through version control and CI/CD and into production.
* Build and own IAM systems that are user-friendly and promote least privilege.
* Manage third-party vulnerabilities while supporting rapid growth for Product Engineering.
* Partner cross-functionally for security monitoring and incident response.

Example Projects

* Support IAM at Discord with scalable platform solutions; check out https://discord.com/blog/access-a-new-portal-for-managing-internal-authorization.
* Build automated tooling to scan our infrastructure for vulnerabilities.
* Bake service-to-service authentication and authorization into Discord's next-generation developer platform.

Who you are

* You have 7+ years of experience building and operating production systems and infrastructure.
* You have 5+ years of experience writing software in at least one general-purpose programming language (we mainly use Python and Rust).
* You have 4+ years of experience securing systems with millions of users.
* You have been the tech lead for projects involving 3+ engineers and spanning multiple quarters.
* You have designed and built user-facing software for customers beyond your immediate team.
* You have experience securing cloud-based environments (e.g. GCP, Cloudflare).
* You have experience with technologies for defining and orchestrating containers (e.g. OCI, Docker, Distroless, Kubernetes).
* You understand modern authentication and authorization protocols and concepts (e.g. RBAC, OAuth 2.0, OIDC/SAML, Zero Trust network architectures, mTLS).
* You have experience with build and CI/CD technologies (e.g. Bazel, Buildkite, Terraform).

Bonus points

* You have a system to discover industry tools that can multiply your team's impact.
* You have experience securing multi-cloud environments.
* You have developed and debugged distributed systems atop GCP and Cloudflare.
* You have built and operated a service mesh (e.g. Envoy, Istio, Linkerd).
* You have managed and secured VMs and bare-metal hosts (e.g. Linux, Salt).
* You have designed and applied Kubernetes security policies (e.g. OPA Gatekeeper, Kyverno).

The US base salary range for this full-time position is $248,000 to $279,000 + equity + benefits. Our salary ranges are determined by role and level. Within the range, individual pay is determined by additional factors, including job-related skills, experience, and relevant education or training. Please note that the compensation details listed in US role postings reflect the base salary only, and do not include equity or benefits.
