Staff Engineer, Workflow Engine
•Stripe· 23m
💻 Engineering📝 Contract🎯 Lead / Principal🇺🇸 Seattle, USA
23m ago
Fieldguide·about 2 hours ago
About Us
Fieldguide is establishing a new state of trust for global commerce and capital markets through automating and streamlining the work of assurance and audit practitioners specifically within cybersecurity, privacy, and financial audit. Put simply, we build software for the people who enable trust between businesses.
We’re based in San Francisco, CA, but built as a remote-first company that enables you to do your best work from anywhere. We're backed by top investors including Growth Equity at Goldman Sachs Alternatives, Bessemer Venture Partners, 8VC, Floodgate, Y Combinator, DNX Ventures, Global Founders Capital, Justin Kan, Elad Gil, and more.
We value diversity — in backgrounds and in experiences. We need people from all backgrounds and walks of life to help build the future of audit and advisory. Fieldguide’s team is inclusive, driven, humble and supportive. We are deliberate and self-reflective about the kind of team and culture that we are building, seeking teammates that are not only strong in their own aptitudes but care deeply about supporting each other's growth.
As an early stage start-up employee, you’ll have the opportunity to build out the future of business trust. We make audit practitioners’ lives easier by bringing together up to 50% of their work and giving them better work-life balance. If you share our values and enthusiasm for building a great culture and product, you will find a home at Fieldguide.
About the Role
Fieldguide is a Vertical AI company building Agents for the most complex workflows in audit. We partner with ambitious enterprise customers, including over 50 of the 100 largest accounting firms, and operate in a $100B+ market undergoing rapid transformation.
We’re looking for a Lead Security Engineer to build and own Fieldguide’s information security program. This role reports directly into our CTO and takes ownership of the technical security function and builds it into something that scales with the business.
Your primary focus is on securing code, APIs, and product architecture our customers depend on. You’ll also bring working knowledge of infrastructure and cloud security. Your superpower should be embedding security into how software gets designed, built, and shipped. You’ll partner closely with Engineering, Product, and Compliance to ensure security is foundational to everything we do.
What You’ll Own
Application security and secure development
Lead secure design reviews, threat modeling, and security-focused code reviews across the product and platform.
Ensure security is ingrained into the SDLC so that the secure path is the easy path for engineers with secure-by-default libraries, patterns, and guardrails.
Own authentication, authorization, API security, and data protection architecture for a multi-tenant SaaS platform.
Architect and maintain security tooling integrated into CI/CD pipelines: static analysis, dependency scanning, secrets detection.
AI security
Evaluate and mitigate risks specific to Fieldguide's AI Agents — prompt injection, data leakage through LLM contexts, unauthorized tool use, and unintended agent behaviors.
Partner with Agent and Platform teams to define security boundaries for agent execution: sandboxing, least-privilege tool access, and runtime policy enforcement.
Contribute to Fieldguide's approach to responsible AI, ensuring customer data is protected throughout the AI pipeline from ingestion through inference.
Vulnerability management
Build and run Fieldguide’s vulnerability management program: scanning, triage, SLA-driven remediation tracking, and engineering coordination.
Ensure visibility into vulnerability posture across application code, dependencies, and infrastructure.
Manage external penetration testing engagements, bug bounty programs, and coordinate remediation of findings.
Infrastructure security
Partner with infrastructure engineering to review and improve cloud security across our AWS environment: IAM, network architecture, secrets management, and logging.
You don’t need to be an AWS infrastructure expert, but you should be comfortable identifying risks and recommending improvements.
Ensure detection and monitoring capabilities are in place for security-relevant events via SIEM.
Security operations
Establish runbooks, communication protocols, and post-incident review practices in coordination with a 24/7 MDR team.
Collaborate with engineers on incident response processes and playbooks
Cross-functional leadership and customer trust
Partner with Compliance to ensure technical controls satisfy framework requirements (SOC 2, ISO 27001, ISO 42001, FedRAMP).
Help GTM teams articulate Fieldguide’s security posture to enterprise customers.
Start as an individual contributor, but as the security program matures, hire and mentor security engineers. Set the culture and standards for how security operates at Fieldguide.
What Success Looks Like
Security is embedded in the development lifecycle. EPD team members engage with security early and often, not as a gate at the end.
The security function uses AI and automation aggressively to punch above its weight. Manual toil is minimized and the team's leverage grows faster than its headcount.
Fieldguide has a clear, measurable vulnerability management posture with SLAs that engineering consistently meets.
Enterprise customers and auditors see a mature, well-articulated security program that builds confidence and accelerates deals.
The security function scales through automation, tooling, and clear ownership rather than heroics.
Who You Are
AppSec-first mindset: Your core strength is application security. You think about auth flows, data isolation, injection vectors, and API boundaries instinctively. You’ve found and fixed real vulnerabilities in production systems.
AI-native instincts: You have a practical thesis on using LLMs, agents, and automation to multiply the security team's impact. You're excited to use AI for tasks like automated code review triage, vulnerability prioritization, security questionnaire drafting, and pattern detection so the security function scales through leverage, not just headcount.
Engineer who does security: You write code, read code, and think about security through an engineering lens. You’re comfortable contributing to production systems in Python and TypeScript when needed.
Pragmatic risk thinker: You can look at a system design and quickly identify where the risks are, then prioritize based on actual impact rather than theoretical severity.
Strong communicator: You translate security risks into business terms, influence engineering teams without direct authority, and present to enterprise customers with confidence.
Comfortable with ambiguity: You’re owning a lot at a growth-stage company and will not have playbooks for everything. You’re energized by that.
Experience
8+ years in security with a primary background in application security, product security, or security-focused software engineering.
Track record of building or significantly maturing a security program, ideally at a growth-stage SaaS company.
Strong programming skills with demonstrated experience writing production software.
Familiarity with AWS security services and patterns: IAM, VPC, CloudTrail, KMS. You can identify misconfigurations and security gaps, even if you’re not the one writing Terraform.
Experience with threat modeling methodologies and secure design review processes.
Experience managing external penetration tests and coordinating remediation.
Familiarity with AI/LLM security considerations and emerging risks in agentic AI systems is a plus.
Experience supporting compliance frameworks (SOC 2, ISO 27001, NIST, FedRAMP) from the technical controls side is a plus.
More about Fieldguide
Fieldguide is a values-based company. Our values are:
Fearless - Inspire & break down seemingly impossible walls.
Fast - Launch fast with excellence, iterate to perfection.
Lovable - Deliver happiness & 11 star experiences.
Owners - Execute & run the business with ownership.
Win-win - Create mutual value & earn trust for life.
Inclusive - Scale the best ideas with inclusive teams.
Some of our benefits include
Competitive compensation packages with meaningful ownership
Flexible PTO
401k
Wellness benefits
Technology & Work from Home reimbursement
Flexible work schedules