Logo for RevenueCat

Head of Security

Role overview

Qualifications

  • Deeply technical security leader
  • Strong understanding of infrastructure and application security
  • Experience with AWS, distributed systems, developer tools, fintech, mobile, or payments
  • Strong communication skills

Responsibilities

  • Learn RevenueCat’s architecture, systems, and operational model
  • Own and evolve RevenueCat’s security roadmap
  • Drive meaningful improvements to our overall security posture
  • Establish a mature, pragmatic, high-trust security program

About the company

RevenueCat logo

RevenueCat

Computer Software / SaaS

The world's top apps use RevenueCat to build, analyze, and grow subscriptions on iOS, Android, and the web.

Company details

Company typeScaleup
IndustryComputer Software / SaaS
Company size51 - 200

Your match analysis

See how your profile stacks up against this role.

We compared the job requirements to your profile to show where you're strong and where you fall short.

Job description

RevenueCat removes the headaches of building and scaling in‑app subscriptions. Since graduating from YC’s S18 batch we’ve grown into the default monetization platform for mobile: we’re in >40% of newly shipped subscription apps, we process $12B+ in annual purchase volume, and we help everyone from a solo dev in Brazil to the OpenAI mobile team understand and grow their revenue.

We’re a remote‑first crew of 150+, spread across 25+ countries, and guided by values we actually practice: Customer Obsession, Always Be Shipping, Own It, and Balance. If you want your work to touch hundreds of millions of end‑users (and help the developers behind them get paid), you’ll fit right in.

The role

RevenueCat makes building, analyzing, and growing mobile subscriptions easy. We power monetization for thousands of apps, from small indie developers to some of the largest apps in the world.

Our platform handles billions of events every day and sits in the critical path of our customers’ revenue. Reliability and security are not support functions here. They are core product requirements.

As the world changes with AI, the security landscape is getting significantly more chaotic. Supply chain attacks, credential theft, AI-assisted phishing, malicious packages, fraud, infrastructure attacks… the pace and sophistication of threats are accelerating quickly.

We already have strong foundations:

  • SOC 2 Type II for several years

  • A strong infrastructure and reliability culture

  • A security engineer focused on infrastructure/security operations

  • Ongoing investment in application security, with a very active bug bounty program

  • Product and engineering teams that genuinely care about security

  • Celebrate security awareness month with red team, social attacks and other activities

But we believe the next stage requires dedicated leadership and ownership across the entire security function.

That’s where you come in.

About you

You are a deeply technical security leader who understands how modern engineering organizations actually work.

You know how to improve security without turning the company into a bureaucratic nightmare. You are pragmatic, calm under pressure, and capable of building systems and processes that scale with the company.

You have a strong understanding of both infrastructure and application security. You’ve been involved in real-world security incidents and know how to navigate high-pressure situations with good judgment.

You are comfortable operating with high ownership and ambiguity, and can move between technical details, strategic planning, customer conversations, and incident response without losing context.

You are also excited about building and scaling a strong security organization over time. You know how to recruit great people, raise the bar, and create a security culture that engineers genuinely want to work with.

You have strong opinions on:

  • Supply chain security

  • Secure software development

  • AI-assisted engineering workflows

  • Infrastructure hardening

  • Identity and access management

  • Incident response

  • Balancing security with engineering velocity

Strong communication skills are important in this role. Experience with AWS, distributed systems, developer tools, fintech, mobile, or payments is a strong plus.

Most importantly, you understand that security is not compliance theater. It is a critical part of the reliability, trust, and long-term survival of the business.

Within 1 month, you’ll…

  • Learn RevenueCat’s architecture, systems, and operational model

  • Understand our existing security posture, controls, tooling, and processes

  • Build relationships across engineering and infrastructure teams

  • Review our current incident response and escalation practices

  • Start identifying high-leverage improvements and key risks

Within 3 months, you’ll…

  • Own and evolve RevenueCat’s security roadmap

  • Establish clear priorities across infrastructure, application, and internal security

  • Partner closely with engineering leadership on architecture and security decisions

  • Evaluate risks and policies around AI-assisted development workflows

  • Build trust internally as the security leader engineers want to work with, not work around

Within 6 months, you’ll…

  • Drive meaningful improvements to our overall security posture

  • Improve detection, prevention, and response capabilities

  • Improve security education and awareness across the company

  • Support customer-facing security conversations and reviews

  • Help define how the security organization should scale over time

Within 12 months, you’ll…

  • Establish a mature, pragmatic, high-trust security program

  • Build scalable systems that support both security and engineering velocity

  • Help RevenueCat stay ahead of the rapidly changing AI-driven threat landscape

  • Develop a long-term strategy for security, resilience, and operational trust

  • Be viewed internally as a critical technical and strategic leader across the company

What we offer:

  • Competitive equity in a fast-growing, Series C startup backed by top-tier investors, including Y Combinator

  • 10-year window to exercise vested equity options

  • Fully remote and flexible work environment

  • 4-5 weeks of suggested time off annually for mental, physical, and emotional recharge

  • $2,000 USD for workspace setup and $1,000 USD annual stipend for continuous learning

Curious about the interview process? Discover more in our blog post about how we hire and learn tips to help you succeed.

Apply once. Then go straight to the hiring manager.

After you apply, unlock the direct contact details of the people who actually make the call. A quick follow-up makes you 5x more likely to land an interview.

MR

Marcus Rivera

Chief Revenue Officer

m.rivera@company.com
linkedin.com/in/marcusrivera
Unlocked after you apply
·

Related jobs

Other jobs at RevenueCat

Premium

Reach out to the hiring manager directly.

Gain access to the contact details of the hiring managers who actually decide, and reach out to network with them directly. That, plus more when you upgrade:

  • Full match report with fit score and gaps
  • Career diagnostics on how recruiters read you
  • Curated company matches and warm intros
  • 48h early access to new roles

Cancel anytime.