Jobs Companies CodeRabbit Lead Security Engineer

About this Lead Security Engineer role at CodeRabbit

CodeRabbit · Hybrid · San Francisco

About CodeRabbit

CodeRabbit is an innovative research and development company focused on building extraordinarily productive human-machine collaboration systems. Our primary goal is to create the next generation of Gen AI-driven code reviewers: a symbiotic partnership between humans and advanced algorithms that significantly outperforms individual engineers. We combine language models with human ingenuity to push the boundaries of software development efficiency and quality.

Role Overview:

CodeRabbit is on a mission to empower developers with lean, high-performance tools—they move fast, and so do the threats. That's why we're looking for a battle-tested Lead Security Engineer who’s been in the trenches and can architect, harden, and defend our infrastructure, tooling, and ecosystem.

As our Lead Security Engineer, you’ll lead security engineering at CodeRabbit, infusing security into every layer of our product and infrastructure. You become the steward of resilience, incident response, and proactive defense at scale.

Responsibilities:

  • Own the security roadmap — craft and execute a strategic security engineering plan that aligns with CodeRabbit’s fast-paced engineering cadence.

  • Boost resilience — champion defense-in-depth tactics: threat modeling, secure design reviews, hardening, CI/CD integration.

  • Be Incident Commander — spearhead security incident response and recovery: triage, resolve, root cause, and turn those learnings into stronger systems.

  • Tools & automation — build or integrate security tooling (SAST, DAST, SIEM, EDR, monitoring) into the developer workflow without slowing delivery.

  • Embed security fluently — partner with engineering and product teams to bring secure practices early into planning and daily workflows.

  • Talent & culture — help to hire, coach, and mentor a scrappy, resilient security engineering team; elevate security awareness across the company.

  • Compliance & policy — establish security standards, frameworks, or processes that evolve as we scale—but remain lean and developer-friendly.

Qualifications:

  • Battle-tested experience: 8+ years in security engineering, incident response, or correlated fields—bonus if you've led through a major production breach or targeted attack.

  • Technical depth: Extensive experience with security across software and infrastructure—threat modeling, pen testing, secure CI/CD pipelines, cloud security, incident response.

  • Strategic mindset: Ability to translate risk into actionables, communicate trade‑offs with engineering/product leadership.

  • Praxis over theory: You’ve taken production systems down (intentionally or unintentionally) and built them back stronger.

  • Security in chaos: Experience in pressure situations—with clarity, direction, and calm.

  • Developer‑centric approach: You can speak fluent dev-tools, empathize with fast-moving teams, and secure them without slowing them down.

Bonus Points:

  • You’ve implemented DevSecOps tooling and orchestrated shift‑left security in developer pipelines.

  • You’ve recovered from (or prevented) a critical security event, and turned that into an engineering culture improvement.

  • Experience in a dev‑tools, SDK, or platform-heavy company.

  • Hacker mindset + operational discipline - pentests, disaster recovery, threat hunting, tooling, cloud environments.

  • Certifications like CISSP, CISM, CEH, or relevant cloud security certs.

Why Join Our Engineering Culture?

  • CodeRabbit is building the next generation of AI-native developer tooling — starting with code review. We combine large language models with deep software engineering context to help teams ship faster, catch more bugs, and make better architectural decisions at scale.

  • We are a high-ownership engineering culture. That means no passive execution, no waiting for perfect tickets, and no narrowly defined task boundaries. Engineers here find problems before they're assigned, use AI as a core part of how they build, ship with judgment, and own outcomes from proposal to production.

  • Our operating philosophy: bias toward action, ship the smallest necessary coherent slice, validate proportional to risk, watch what happens, and make the system better. AI drafts; humans decide. Speed matters, but so does understanding what you ship.

  • This opportunity will be energizing for people who want real ownership, pace, and high standards. It's uncomfortable for people who prefer slow consensus or heavily managed workflows.

  • If you want to build tools that are changing how software gets written, and be held to the standard that the best engineers thrive under; we'd love to talk.

Our Values

  • 🤝 Collaborative Humans: Prioritizing collective intelligence

  • 🚀 Fearless Innovators: Turning obstacles into growth opportunities

  • 💪 Persistent, Passionate Developers: Thriving on complex, long-term challenges

  • 🎯 Impact-Driven Creators: Crafting intuitive tools for developers

  • 🧠 Rapid Learners and Un-learners: Adapting quickly in our fast-paced technological world

Ready to apply to CodeRabbit?
Apply to CodeRabbit

How this Security Engineer salary compares

This role pays $250,000/yrin line with the typical range for Security Engineer roles.

$177,750 median $232,000 $339,585

Typical range $198,125–$267,300/yr, from 209 comparable Security Engineer listings on JobsRadar (pay annualized to USD). See Security Engineer salary insights →

Similar jobs

Discord
Senior Security Engineer, Enterprise Security
Discord
⚡ Apply early Remote (Western States) · location restricted
● New 👁 Seen ✓ Applied 3h ago
OpenAI
Offensive Security Engineer, Agent Products
OpenAI
⚡ Apply early Remote - US · location restricted $347,000–$490,000
● New 👁 Seen ✓ Applied 7h ago
Code and Theory
Senior Engineer, Security & Compliance (US)
Code and Theory
⚡ Apply early Austin, Texas, United States;... Onsite $110,000–$150,000
● New 👁 Seen ✓ Applied 8h ago
MrBeast
Staff Embedded InfoSec Engineer
MrBeast
⚡ Apply early San Francisco Onsite $170,000–$250,000
● New 👁 Seen ✓ Applied 8h ago
MrBeast
Principal Compliance & Security Engineer
MrBeast
⚡ Apply early San Francisco Hybrid
● New 👁 Seen ✓ Applied 8h ago
Pinterest
Security Software Engineer II, Corporate Security
Pinterest
⚡ Apply early San Francisco, CA, US; Remote,... · location restricted $123,696–$254,667
● New 👁 Seen ✓ Applied 10h ago
Reddit
Staff Product Security Engineer
Reddit
⚡ Apply early Remote - United States · location restricted $217,000–$303,900
● New 👁 Seen ✓ Applied 11h ago
Reddit
Senior Security Engineer, AI Security
Reddit
⚡ Apply early Remote - United States · location restricted $190,800–$267,100
● New 👁 Seen ✓ Applied 11h ago
VE
Security Engineer, Detection Response
Vercel
⚡ Apply early Hybrid - San Francisco, New Yo... Hybrid $208,000–$312,000
● New 👁 Seen ✓ Applied 21h ago

Sign up for suggestions tailored to the jobs you open and the searches you save.

More jobs at CodeRabbit

See all jobs at CodeRabbit →

Apply now
🤖

Whoa — hold up

JobsRadar was built for real people having a rough time in their job search — not for automated requests. You're clicking way too fast and you're now temporarily blocked.

Come back later. If you're genuinely job hunting, we've got your back — just act like a human.

Catch your next role the second it’s posted.

Create a free account and we’ll watch the boards for you — the instant a job matches your search, it lands in your inbox or Telegram. No digging, no refreshing.

Create free account

Free forever · takes 30 seconds · already have one?

Get an edge on your job hunt.

Join our Telegram channel for the stuff that helps you land the role — salary benchmarks, the weekly market pulse, and new-feature drops. No spam, just signal.

Join the channel — it's free