Senior Security Engineer

CURRENT ROOT EMPLOYEES - Please apply using the career page in Workday. This career site is for external applicants only.

The Opportunity

We’re seeking a Senior Security Engineer who will not only enhance our security posture but collaborate across departments and lead critical security initiatives in a dynamic, high-growth environment. This role will work hands-on to identify and mitigate security risks across our software, infrastructure, and operational environments. It will implement robust security controls, advise development teams on best practices, and help shape our long-term security strategy—all while ensuring that our innovative solutions remain secure and reliable.

Root is a “work where it works best” company. This means we will support you working in whatever location that works best for you across the US. 

Salary Range: $109,305 - $136,631 (Bonus and LTI Eligible)

How You Will Make an Impact

• Risk Identification & Mitigation: Proactively identify, assess, and remediate security vulnerabilities across cloud infrastructure, applications, and internal systems.

• Implement Strategic Security Initiatives: Drive projects that safeguard Root’s products, infrastructure, and customer data.

• Threat Modeling & Reviews: Lead threat modeling sessions, security reviews, and architectural assessments to bolster our product security.

• Secure Development Lifecycle: Collaborate with engineering and DevOps teams to integrate security best practices throughout the software development lifecycle (SDLC) and cloud operations.

• Enhance Monitoring & Response: Implement and refine security monitoring, detection, and response capabilities across our technology ecosystem.

• Mentorship & Guidance: Provide technical leadership and mentorship to engineering teams on secure coding, vulnerability management, and risk assessment.

• Compliance Partnership: Work alongside compliance and risk teams to align security initiatives with regulatory requirements (e.g., SOC 2, PCI-DSS, NIST, OWASP).

• Automate for Efficiency: Develop and deploy automation tools and processes that streamline security operations and reduce friction for development teams.

• Stay Ahead of Threats: Keep current with emerging threats, vulnerabilities, and industry trends to continuously evolve Root’s security program.

What You Will Need to Succeed

• At least three years of experience in application security, security engineering, or cloud security. This includes a strong understanding of cloud security principles in AWS, GCP, or Azure, with hands-on experience securing cloud-based applications and infrastructure (e.g., IAM, network security, logging/monitoring).

• Proven ability to identify, assess, and mitigate security risks at scale in modern software development environments.

• Ability to translate security best practices into engineering requirements, especially as they relate to application security.

• Strong understanding of the OWASP Top Ten and SAMM framework for measuring and improving application security maturity.

• Experience performing threat modeling, particularly in an Agile development environment.

• Experience maintaining SAST and/or SCA tools, including the maintenance and tuning of detections.

• Proficiency in scripting and automation using programming languages such as Python or Ruby.

• Experience embedding security solutions into DevOps processes and pipelines and leveraging automation to enforce security policies.

• Familiarity with common attack vectors, industry best practices, and risk mitigation strategies.

• Experience working with compliance frameworks (e.g., SOC 2, PCI-DSS, NIST, ISO 27001).

• Strong analytical abilities and excellent communication skills, enabling you to effectively influence both technical and non-technical stakeholders.

• Willingness to participate in an on-call rotation to address critical security incidents and ensure timely response.

Don’t meet every single requirement?

Studies have shown that women and people of color are less likely to apply to jobs unless they meet every single qualification. At Root, Inc., we are dedicated to building a diverse and inclusive workplace, so if you’re excited about this role but your past experience doesn’t align perfectly with every qualification in the job description, we encourage you to apply anyway!

Join us

At Root, we judge people based on the merit of their work, not who they are. If you are passionate about what this role entails and solving real problems, we encourage you to apply. We want to learn about you and what you can add to our team.

Who we are

We’re harnessing the power of technology to revolutionize insurance. Using machine learning and mobile telematic platforms, we’ve built one of the most innovative FinTech companies in the world. And we’re just getting started.

What draws people to Root

Our success is in large part due to our unwavering standards in hiring. We recognize that our products are only as good as the people building and promoting them. We want individuals who find solutions by going through the cycle of ideation to implementation with curiosity, rigor, and an analytical lens. Ask anyone who works here and you’ll hear similar reasons for why they joined:

Autonomy—for assertive self-starters, the opportunities to contribute are limitless.

Impact—by challenging the way it’s always been done, we solve problems that have a big impact on our business.

Collaboration—we encourage rich discussion and civil debate at every turn.

People—we are inspired by the collection of crazy-smart people around us.