Software Security Engineer

Interested in defining how AI shapes the future of work? Cresta is on a mission to make every knowledge worker 100x as effective, 10x faster and 10x better. Cresta is focused on using AI to help the workforce, not replace them. Cresta uses our patented Expertise AI to uncover expert insights from every conversation and put those insights into action with real-time coaching during customer conversations. We’re growing fast! Spun out of the Stanford AI lab and chaired by Google-X founder Sebastian Thrun, Cresta launched in 2020. Since then, we’ve grown revenue and our team by 300%! We’ve assembled a world-class team of AI and ML experts, go-to-market leaders, and top-tier investors and advisors including Andreessen Horowitz, Greylock Partners, Sequoia, and former AT&T CEO John Donovan. Our valued customers include brands like Intuit, Porsche, Adobe, and Dropbox and we have been recognized as a startup to watch by Business Insider, Forbes, and Gartner to name a few. We have huge ambitions and are looking for stellar candidates who have an entrepreneurial mindset and are excited to use cutting-edge AI to solve real-world business problems.

Cresta is seeking a passionate individual with solid security engineering experience to support the security & compliance team and enable growing global data protection and cybersecurity efforts.

What you'll do:

• Implement and collaborate on product security features


• Mature and extend our DevSecOps pipeline.


• Detect, defend, and respond to threats to Cresta and its customers


• Support SOC 2 Type II, ISO 27001 & 27701, PCI-DSS, TISAX and HIPAA audit processes with technical controls and evidence

• Perform security audits of Cresta’s products and cloud infrastructure and drive remediation of security risks


• Improve and monitor Cresta’s vulnerability management program to ensure we’re monitoring and mitigating known vulnerabilities


• Develop internal tooling and automation.

What we look for:

• Ambitious, passionate and results-oriented, with excellent interpersonal and communication skills


• 4+ years of experience in application security engineering and cloud security (AWS/GCP)


• Security domain knowledge across many cyber security disciplines




• Experience in static code analysis and remediation


• Experience in security operations (SOC) and incident response

• Working knowledge of Python and Go to develop and collaborate with engineering on product security features


• Experience managing competing efforts and requirements


• Experience with fast-growing SaaS start-ups