Staff Security Engineer

Patreon is a media and community platform where over 300,000 creators give their biggest fans access to exclusive work and experiences. We offer creators a variety of ways to engage with their communities and build a lasting business including: paid memberships, free memberships, community chats, live experiences, and selling to fans directly with one-time purchases.

Ultimately our goal is simple: fund the creative class. And we're leaders in that space, with:

• $8 billion+ in revenue generated since Patreon's inception

• 60 million+ free new memberships for fans who may not be ready to pay just yet, and

• 10 million+ fans paying each month for exclusive access to creators' work and community.

We're continuing to invest heavily in building the best creator platform with the best team in the creator economy and are looking for a Staff Security Engineer to support our mission.

This role is Remote friendly or open to those who are able to be in-office 2 days per week on a hybrid work model in our New York or San Francisco offices.

About the team

At Patreon, we deal with some of the most sensitive data such as patrons’ payment methods, creators’ financial information to process payouts, along with several other bits of personal information from patrons and creators alike—security is paramount to our success. As an L6 Security Engineer, you'll be our in-house generalist: part architect, part operations specialist, part developer, and part consultant. You'll own projects end-to-end—from conception through implementation and maintenance—and partner across Engineering, Product, and DevOps to bake security into everything we do.

About the role

• Data Privacy & Deletion Tooling:

  • Design, build, and operate internal systems for data classification, retention, and automated deletion in compliance with GDPR, CCPA, and other regulations.

  • Integrate with downstream services and data stores to ensure end-to-end coverage.

• Kubernetes Hardening:

  • Develop and enforce PodSecurityPolicies, NetworkPolicies, and admission controllers.

  • Write and enforce Open Policy Agent (OPA) rules

  • Perform threat modeling and risk assessments for new and existing clusters; automate remediation where possible.

• Security Automations:

  • Write robust Python scripts and applications to detect misconfigurations, enforce security guardrails, and streamline incident response.

  • Integrate with CI/CD pipelines (Terraform Cloud, GitHub Actions, etc.) for \"shift-left\" security.

• On-Call & Incident Response:

  • Serve on a quarterly rotation for 24/7 on-call coverage; respond to alerts and investigations, lead post-mortems, and drive continuous improvement.

• Bug Bounty & Vulnerability Management:

  • Partner with our bug bounty program: triage incoming reports, reproduce and validate findings, and coordinate fixes with Engineering.

  • Track and report on program metrics, drive outreach to top-performing researchers.

• Security Reviews & Advisory:

  • Review architectural and product changes—especially high-risk components—providing actionable guidance and gating risky rollouts.

  • Educate engineering teams through workshops, documentation, and \"security office hours.\"

About You

• Professional Background

  • Minimum of 7+ years of combined experience in Security Engineering, Security Software Engineer, DevSecOps, SRE or related roles in an enterprise or cloud-native environment.

  • Bachelor’s degree in Computer Science, Information Security, or related field (or 8+ years of relevant experience in lieu of degree).

• Technical Expertise

  • Strong foundation in one or more programming/scripting languages (e.g., Python) for automation and tooling.

  • Demonstrated ability to automate and secure production systems, third party SaaS apps, and security compliance controls in various environments.

  • Proficiency in security architecture reviews, implementing guardrails for cloud based web applications, and writing automations

About Patreon

Patreon powers creators to do what they love and get paid by the people who love what they do. Our team is passionate about making this mission and our core values come to life every day in our work. Through this work, our Patronauts:

• Put Creators First | They’re the reason we’re here. When creators win, we win.

• Build with Craft | We sign our name to every deliverable, just like the creators we serve.

• Make it Happen | We don’t quit. We learn and deliver.

• Win Together | We grow as individuals. We win as a team.

We hire talented and passionate people from different backgrounds because workplace diversity and inclusion is critical to our ability to serve creators worldwide. If you’re excited about a role but your past experience doesn’t match with every bullet point outlined above, we strongly encourage you to apply anyway. If you’re a creator at heart, are energized by our mission, and share our company values, we’d love to hear from you.

Patreon is proud to be an equal opportunity employer. We provide employment opportunities without regard to age, race, color, ancestry, national origin, religion, disability, sex, gender identity or expression, sexual orientation, veteran status, or any other protected class. If you need a reasonable accommodation during the interview process, please let us know via email at accomodations@patreon.

Patreon offers a competitive benefits package including and not limited to salary, equity plans, healthcare, flexible time off, company holidays and recharge days, commuter benefits, lifestyle stipends, learning and development stipends, patronage, parental leave, and 401k plan with matching.

Patreon operates under a hybrid work model, where employees based in office locations are expected to come into the office two days per week, excluding sick time and paid leave. The goal of this policy is to be intentional about the in-person time we spend together to strengthen the feeling of community at Patreon. Candidates hired into remote-eligible roles are not expected to meet the same requirements.

At Patreon, we believe in fair and transparent pay. In compliance with New York and California pay transparency laws, we are sharing the expected salary range for this role.

The posted salary range is dependent on the location and the level. This range may encompass multiple levels within the role’s job family. The final offer will be based on candidate’s experience, skills, competencies, and geographic location, aligning with the appropriate job level within Patreon’s leveling framework. For remote employees located outside CA and NY, salary may vary based on location and local market conditions.

Patreon reserves the right to modify or update compensation and benefits at any time.