Senior Security Engineer (Application & Infrastructure)

The Opportunity

Join us to own security endtoend, from shaping WAF rules and cloud posture to building secure APIs that millions rely on.

We’re hiring a Senior Security Engineer to help scale Thrive’s security posture as we continue to grow fast and land major enterprise customers.

This isn’t your typical security role. We’re looking for someone who can code first, audit later & are able to dive into our NodeJSReact stack, help teams ship securebydesign features, and implement pragmatic security improvements across our application codebase, tooling and cloud infrastructure.

You’ll work closely with Engineering, Product, and InfoSec to ensure Thrive stays secure by design, especially as we expand into new markets, industries, and regulatory environments.

What You’ll Be Doing

• Own security across the full stack, from React & NodeJS through to AWS infrastructure, WAFs, and CICD.

• Build and maintain securityfirst libraries, tooling and pipelines to support engineering at scale.

• Embed securebydefault practices into our codebase and developer workflows (CICD, code reviews, linting, scanning).

• Act as an internal consultant and coach, unblocking teams, upskilling devs, and spotting risks early.

• Partner with Engineering Leads and our CPTO to assess new threats, handle incidents, and continuously improve our posture.

• Support customer security reviews, RFPs, and external audits (SOC2, ISO27001, etc).

• Design and tune WAF rules, bot protections, and layered defenses to mitigate realworld attacks.

• Improve the security of our cloud infrastructure (AWS), IAM policies, and container configurations.

What We’re Looking For

Musthaves

• 5+ years as a fullstack or backend engineer with a strong security mindset.

• Deep experience with fullstack JavaScriptTypeScript (e.g. NodeJS React or equivalent) and AWS.

• Proven track record of identifying, fixing and preventing security issues in production systems.

• Strong understanding of common vulnerabilities (e.g. OWASP Top 10) and mitigation techniques.

• Comfortable working crossfunctionally with engineers, product managers, and leadership.

• Pragmatic you know when to secure, when to monitor, and when to say no.

• Experience with WAFs, IAM, and infrastructurelayer security (e.g., network, container, or runtime protections).

Nicetohaves

• Experience with SOC2 ISO27001, Vanta, or security questionnaires for enterprise customers.

• Familiarity with identity & access management (SSO, SCIM, RBAC), secure frontend patterns, and data encryption at restin transit.

• Incident response experience or interest in setting up robust response playbooks.

• Experience working in SaaS or L&D platforms, or building security into multitenant cloud applications.

Why Thrive?

• A chance to join a rocketship EdTech company on a mission to redefine workplace learning.

• A collaborative, peoplefirst culture where your voice matters and your work has a real impact.

• Competitive salary + uncapped commission + benefits (private health, wellness perks, pension).

• Remotefirst, flexible working environment built on trust and autonomy.

• The opportunity to work with global brands and cuttingedge learning technologies.

• 
  Sound Like You?

  If you’re an engineer who sweats the security details, loves building clean and secure code, and wants to shape security at a productled SaaS business we’d love to talk.

  
  

  #LIRemote