Jobs Companies ButterflyMX Sr. Security Engineer

About this Sr. Security Engineer role at ButterflyMX

ButterflyMX · Remote · US Remote

Our Mission
ButterflyMX is on a mission to empower people to automate property access, operations, and security from a single platform. Our products are installed in more than 20,000+ multifamily, commercial, gated communities, and student-housing properties worldwide, including properties developed, owned, and managed by the most trusted names in real estate. Our features are designed for developers, owners, property managers, and tenants, and our products lower operating costs and improve tenant satisfaction.

Our Solution
Developers and owners no longer need to run building wiring or install in-unit hardware. Property managers can grant building access, revoke permissions, and review entry logs from an online dashboard. Residents can open doors from their smartphones, issue visitor access, and see who is trying to enter the building.

Our Culture & Values
Fantastic people are the key to our success. As a distributed, primarily remote workforce, we’re looking for more intelligent, passionate, collaborative, ai-forward, and down-to-earth individuals to join our growing team. We’re driven by a shared commitment to excellence and innovation, grounded in our core values: We delight our customers, We take ownership, We are a community of collaborators, We speak up, We think big and do small, and We are tenacious.

Role Overview

ButterflyMX is looking for a Senior Security Engineer to join our growing security team. In this role you will drive application security across the full software development lifecycle — from threat modeling and secure code review to penetration testing and vulnerability management. You will build the internal tooling that powers the “defender’s loop” and scales security. You will partner with product teams to embed security into the development lifecycle and ensure reusable secure patterns. You will partner closely with engineering to build security in from the start, while also owning our active testing program to identify and remediate vulnerabilities before adversaries do. You will be the person engineers come to for clear and practical answers. This is an individual contributor role reporting directly to the CISO. You will help shape our security program as an early, senior hire.

Responsibilities

  • Lead application security reviews, threat modeling sessions, and secure code review for new features and significant product changes.

  • Operate and continuously improve SAST, DAST, and SCA tooling; triage and prioritize findings in partnership with engineering teams to harden the codebase.

  • Plan and execute internal penetration tests against web applications, APIs, and mobile clients; coordinate and support third-party assessments.

  • Own the vulnerability management lifecycle from discovery, prioritization, remediation tracking, through to validation.

  • Develop and maintain secure coding standards, developer security guidance, and training materials.

  • Integrate security tooling into CI/CD pipelines and champion shift-left security practices across the SDLC.

  • Investigate security incidents and bug bounty submissions; provide root cause analysis and remediation recommendations.

  • Partner with Product and Engineering on security architecture decisions for new product capabilities.

  • Stay current on emerging threats, CVEs, and attack techniques relevant to our technology stack and support continuous program improvement.

Requirements

  • 5+ years of experience in application security, with hands-on proficiency in both secure development lifecycle practices and offensive testing.

  • Strong understanding of web application and API security fundamentals (OWASP, MITRE, CIS, API-specific attack surfaces).

  • Experience operating SAST/DAST/SCA ASPM tools.

  • Fluency in scripting or development languages (Python, JavaScript, Go, Ruby, or similar) sufficient to review code and write internal tooling.

  • Experience designing and executing penetration tests against modern web and mobile applications.

  • Familiarity with cloud security (AWS preferred, some GCP and OVH) and container/Kubernetes security.

  • Comfortable in a regulated environment (e.g., SOC 2 or similar).

  • Excellent written and verbal communication skills; able to translate technical risk to non-technical stakeholders.

  • Relevant certifications a plus: OSCP, GWAPT, GPEN, CEH, or equivalent.

  • Proven experience with leveraging AI tools in both professional and personal settings. ButterflyMX is an AI-forward organization and the ability to optimize efficiency using AI is crucial in every role. Can you use LLMs to build a threat model (bootstrap from the code, docs, and vulnerability history, entry points, git history, etc. and leverage Shostack’s four questions); to build an isolation layer to run agents safely and verify exploitability matched to the threat model; to partition the search space and leverage SAST scanners or fuzzers; to filter out non-exploitable findings and triage for patch priority; and, to rate the severity based on reachability, attacker control, preconditions, authentication, read vs write, and blast radius.

Benefits

  • Comprehensive Medical, Dental and Vision plans (ButterflyMX covers 80% of the cost) starting day 1

  • 401(k) plan with a match

  • 10 paid holidays, 20 vacation days, 5 sick days, 3 floating holidays

  • Basic Life and Accidental Death and Dismemberment Insurance (ButterflyMX covers 100% of the cost)

  • Short and Long Term Disability (ButterflyMX covers 100% of the cost)

  • Paid Family Leave

  • Employee Assistance Program

  • Quarterly self-care stipends

  • Access to optional benefits including pre-tax flexible healthcare spending accounts (FSA and HSA), Dependent Care FSA, and Commuter Benefits, as well as optional Supplemental Life, AD&D, Hospital Indemnity, Legal, Accident, Critical Illness, Pet, and Personal Liability Insurance

  • And more!

ButterflyMX is an equal opportunity employer and we value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status. You must have the authorization to work in the US to become an employee. We strive to create an accessible and inclusive experience for all candidates and employees. If you need reasonable accommodations during the application or the recruiting process, please let our recruiting team know.

Ready to apply to ButterflyMX?
Apply to ButterflyMX

Similar jobs

OpenAI
Offensive Security Engineer, Agent Products
OpenAI
⚡ Apply early Remote - US · location restricted $347,000–$490,000
● New 👁 Seen ✓ Applied 5h ago
Engine
Staff Cloud Security Engineer
Engine
⚡ Apply early Remote - US · location restricted $137,275–$190,000
● New 👁 Seen ✓ Applied 5h ago
Tenable, Inc.
Senior Software Engineer - Cloud Security
Tenable, Inc.
⚡ Apply early US - Remote - Massachusetts ,... · location restricted $137,500–$183,500
● New 👁 Seen ✓ Applied 7h ago
Pinterest
Security Software Engineer II, Corporate Security
Pinterest
⚡ Apply early San Francisco, CA, US; Remote,... · location restricted $123,696–$254,667
● New 👁 Seen ✓ Applied 8h ago
Apollo GraphQL
Staff Security Operations Engineer
Apollo GraphQL
⚡ Apply early US time zones (remote) · location restricted $210,000–$255,000
● New 👁 Seen ✓ Applied 21h ago
Blink Health
Senior AI Security Engineer II
Blink Health
⚡ Apply early United States Onsite
● New 👁 Seen ✓ Applied 1d ago
NinjaTrader
Staff Security Engineer, Application Security
NinjaTrader
⚡ Apply early Chicago or Remote* · location restricted $210,000–$260,000
● New 👁 Seen ✓ Applied 1d ago
Horizon3 AI
WebApp Offensive Security Software Engineer
Horizon3 AI
⚡ Apply early US, Remote · location restricted $196,000–$242,000
● New 👁 Seen ✓ Applied 1d ago
Hex Technologies
Cloud Security Engineer
Hex Technologies
⚡ Apply early SF, NYC, or Remote (US) · location restricted $200,000–$265,000
● New 👁 Seen ✓ Applied 1d ago

Sign up for suggestions tailored to the jobs you open and the searches you save.

More jobs at ButterflyMX

See all jobs at ButterflyMX →

Apply now
🤖

Whoa — hold up

JobsRadar was built for real people having a rough time in their job search — not for automated requests. You're clicking way too fast and you're now temporarily blocked.

Come back later. If you're genuinely job hunting, we've got your back — just act like a human.

Catch your next role the second it’s posted.

Create a free account and we’ll watch the boards for you — the instant a job matches your search, it lands in your inbox or Telegram. No digging, no refreshing.

Create free account

Free forever · takes 30 seconds · already have one?

Get an edge on your job hunt.

Join our Telegram channel for the stuff that helps you land the role — salary benchmarks, the weekly market pulse, and new-feature drops. No spam, just signal.

Join the channel — it's free