About incident.io

incident.io is the leading AI incident response platform, built to help teams dramatically reduce incident response time and improve reliability. We bring together on-call, incident response, AI SRE, and status pages in a single platform, giving teams everything they need to respond quickly, reduce downtime, and keep customers in the loop.

Since launching in 2021, we’ve helped over 1,500 companies, including Netflix, Airbnb, and Block, run more than 500,000 incidents. Every month, tens of thousands of responders across Engineering, Product, and Support use incident.io to restore services faster, stay aligned under pressure, and focus on building what matters.

We’re a fast-growing, highly ambitious team that cares deeply about our customers, product quality, and making it magic. We’ve raised $100M from Index Ventures, Insight Partners, and Point Nine, alongside founders and executives from world-class technology companies.

The Team

Our Engineers know the drill, they’ve been paged at 3am. They’re on a mission to transform those wee-hour wake-up calls into smoother, more manageable experiences for engineering teams everywhere. In fact, they’re some of our product’s biggest fans and users. What really sets them apart is their unwavering commitment to our customers.

We’re looking for our first Security Engineer with a passion for application security who thrives when embedded within product teams. You’ll work side-by-side with engineers, helping us design and build secure systems from the ground up not just swooping in at the end to run a checklist. You’ll spot potential vulnerabilities before they reach production, coach engineers on secure coding practices, and help shape a culture where security is second nature.

As you’ll be the first Security Engineer, you’ll be collaborating heavily with the Infrastructure team as well to help us secure our infrastructure, CI/CD, and our internal tooling.

What you’ll be doing:

• Partner with product teams to design and review features with security built in from the start.

• Identify and mitigate vulnerabilities using white-box (code review, architecture analysis) and black-box (penetration testing, fuzzing) techniques.

• Proactively find security flaws in applications, APIs, and infrastructure, and help teams remediate them quickly.

• Introduce pragmatic security tooling and automation to strengthen defences without slowing down delivery.

• Champion secure coding practices and raise security awareness across the engineering organisation, including collaborating on incident response when needed.

What you need to be successful:

• Track record of finding and remediating application security vulnerabilities, ideally demonstrated through in-depth security research, penetration testing, or red teaming.

• Hands-on experience with white-box and black-box testing techniques and tools.

• Familiarity with secure software development in modern web applications (React, Go, TypeScript, Postgres, or similar stacks).

• Comfortable embedding within product teams and influencing design and implementation decisions.

• Experience with cloud security in Google Cloud Platform (GCP Security Command Center is a plus) and a pragmatic approach – knowing where to focus for maximum risk reduction without slowing down delivery.

What we offer:

We’re building a place where great people can do their best work—and that means looking after you and your family with benefits that support health and personal growth.

• Market leading private medical insurance

• Generous parental leave

• First Friday of the month off

• Generous annual leave/PTO allowance

• Competitive salary and equity

• Remote working and personal development budget

• Enhanced pension/401k