Staff Security Engineer

EvenUp is on a mission to close the justice gap using technology and AI. We empower personal injury lawyers and victims to get the justice they deserve. Our products enable law firms to secure faster settlements, higher payouts, and better outcomes for victims injured through no fault of their own in vehicle collisions, accidents, natural disasters, and more.

We are one of the fastest-growing vertical SaaS companies in history, and we are just getting started. EvenUp is backed by top VCs, including Bessemer Venture Partners, Bain Capital Ventures, SignalFire, and Lightspeed. We are looking to expand our team with talented, driven, and collaborative individuals who seek to have a lasting impact. Learn more at www.evenuplaw.com

.

Today, our engineering team is roughly ~100 people, but by the end of 2026 we’ll roughly double the size of the team. With our growth, we’re looking for a strong Staff Security Engineer to work cross-functional and manage our security within our infrastructure team. We need a hands-on Staff Security Engineer to lead our Security efforts and drive our growth. You’ll help us evaluate building vs buying security solutions.

What you'll do:

• Risk Management: Identify and address security risks through thorough assessments and mitigation strategies.
• Code and Network Security: Ensure the secure coding of the platform and implement measures to protect against unauthorized access and data breaches.
• Incident Response: Develop and execute plans to respond to security incidents, conducting forensic analysis and implementing preventive measures.
• Compliance and Ethics: Ensure EvenUp systems comply with regulations and industry standards, addressing ethical concerns and promoting transparency.
• Continuous Monitoring: Establish real-time monitoring systems to detect and respond to security threats, conducting regular assessments.
• Vendor and Third-Party Security: Assess and secure third-party components integrated into our systems to prevent vulnerabilities.
• Security Training: Provide training to enhance the team's security awareness and foster a security-conscious culture.
• Documentation and Reporting: Maintain documentation of security protocols, incidents, and improvements, and communicate regular reports to stakeholders

What we look for:

• 10+ years of implementation experience in a security-focused role with an emphasis on hands-on secure technical architecture and implementation work, and oversight in a team setting (e.g., conducting solution security reviews)
• Proven expertise in SAST/DAST, application security, and CI/CD pipeline integration
• Deep understanding of AI-specific threats — prompt injection, model poisoning, membership inference, adversarial perturbation, and output manipulation
• In-depth knowledge and implementation experience of information security principles, policy enforcement, operating systems, web application security, and a high-level of familiarity with malicious code uses, OWASP Top 10, and common techniques used by hackers
• Experience with designing and implementing next-generation security technologies, such as SASE, CASB, or RASP
• Hands-on experience with application patch management, software supply chain security, or artifact repositories like JFrog and Snyk
• Strong fluency in at least one programming or scripting language: Python, Ruby, NodeJs
• Cybersecurity certification (e.g. CISSP, CISM, CISA, CRISC, GIAC or other relevant certification)
• Up-to-date knowledge and regular monitoring of the evolution of technologies and vulnerabilities to identify the solutions and measures necessary to secure cloud computing applications and ecosystems
• Hands-on and in-depth experience with application and infrastructure-level design security including modern mitigation techniques and good practices (e.g., DNS-SEC, OWASP Top 10 mitigations, cryptographic fundamentals etc.)
• Strong hands-on skills with creating automations using Python

Nice to haves:

• Fluency with at least one infrastructure-as-code or configuration management language
• Experience in the design and implementation of security controls
• Hands-on experience with GCP security architectures
• Experience with the implementation of security compliance standards SOC2, HIPAA, and CCPA
• Experience with design and enforcement of security best practices for the development
• Experience with planning and execution of security web and infrastructure pen testing
• Experience with DLP (data loss prevention)
• Experience with Kubernetes
• Experience with risk modeling for AI/ML data protection

Notice to Candidates:

EvenUp has been made aware of fraudulent job postings and unaffiliated third parties posing as our recruiting team – please know that we have no affiliation or connection to these situations. We only post open roles on our career page (evenuplaw.com/careers

) or reputable job boards like our official LinkedIn

or Indeed

pages, and all official EvenUp recruitment emails will come from the domains @evenuplaw.com, @evenup.ai, @ext-evenuplaw.com, no-reply@ashbyhq.com or no‑reply@canditech.io email addresses.

To ensure fairness and proper consideration, we do not accept resumes or expressions of interest via email or social media messages. If you’re interested in a role, please submit your application directly through our careers page

.

If you receive communication from someone you believe is impersonating EvenUp, please report it to us at talent-ops-team@evenuplaw.com. Examples of fraudulent domains include “careers-evenuplaw.com” and “careers-evenuplaws.com”.

Benefits & Perks:

As part of our total rewards package, we offer attractive benefits and perks to our employees, including:

• Choice of medical, dental, and vision insurance plans for you and your family
• Additional insurance coverage options for life, accident, or critical illness
• Flexible paid time off, sick leave, short-term and long-term disability
• 10 US observed holidays, and Canadian statutory holidays by province
• A home office stipend
• 401(k) for US-based employees and RRSP for Canada-based employees
• Paid parental leave
• A local in-person meet-up program
• Hubs in San Francisco and Toronto

Please note the above benefits & perks are for full-time employees

EvenUp is an equal opportunity employer. We are committed to diversity and inclusion in our company. We do not discriminate based on race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.