Lead Security Engineer

At Timescale, we empower businesses with real-time insights from their data, allowing them to make faster decisions and optimize operations. We are creating a movement to unblock developers who are building the future. Timescale is a product-led growth organization driven by transparent leaders and a globally diverse, remote-first team that is proudly building a modern PostgreSQL cloud platform.

We’re scaling our engineering organization and maturing our security practices to support the demands of a growing customer base. We’re looking for a pragmatic, delivery-oriented Security Engineering Lead to embed secure development practices across our engineering teams and lead the execution of key AppSec initiatives.

This is a hands-on technical leadership role with strategic impact: you'll not only deliver secure engineering practices, but also lead the definition of our application security strategy in partnership with engineering leadership. The right candidate thrives on influencing without authority, bringing people along with clarity and credibility, and driving security outcomes through partnership, not policing.

This is currently an individual contributor role, but there is clear potential to grow into a formal leadership position as we expand our security function. You’ll be instrumental in shaping how we build and scale security within Engineering, and may have the opportunity to build and lead a small team in the future.

What you will be responsible for:

• Partner with engineering teams to embed security best practices into our SDLC—from design to deployment.

• Lead the creation and execution of our AppSec roadmap: secure code reviews, dependency scanning, threat modeling, and secrets management.

• Drive adoption of security tooling and automation in CI/CD pipelines (e.g., SAST, SCA, secret scanning).

• Influence secure design decisions across engineering by building trust and technical credibility.

• Promote a culture of secure development through enablement, documentation, and coaching, not mandates.

• Collaborate with the Cloud Platform team to ensure secure-by-default infrastructure configurations (e.g., IAM, least privilege, encryption).

• Own key security concerns related to Kubernetes and cloud-native infrastructure (GCP, AWS), ensuring cluster and workload security, service mesh protections, and least privilege IAM.

• Contribute to incident response playbooks and participate in postmortems where security is involved.

• Participate as a key player in our cross-functional compliance efforts (e.g., SOC2, ISO 27001, HIPAA)

• Stay on top of the evolving security landscape and ensure we’re continuously improving our security posture.

You’d be a great fit if you have:

• 5+ years in security engineering or software engineering with a strong application security focus.

• Experience working with development teams in high-growth or cloud-native environments.

• Strong experience with securing Kubernetes-based infrastructure in public cloud environments (GCP preferred).

• Demonstrated ability to lead without direct authority, influence roadmaps, and build alignment around security outcomes.

• Strong practical understanding of web app and API security, threat modeling, and secure software patterns.

• Proven track record of shipping security improvements that stick in codebases, pipelines, or processes.

• Experience implementing or managing security tooling.

• Effective communicator who can translate risk into clear, actionable decisions across technical and non-technical teams.

• Strong ownership mindset with the ability to lead initiatives end-to-end, and the desire to grow into a formal leadership role over time.

• Exposure to compliance frameworks like SOC 2 or ISO 27001 is a plus.

• Familiarity with Go, Rust, or C is a plus.

Nice to Have:

• Familiarity with threat modeling tools and frameworks (e.g., STRIDE, IriusRisk).

Our Commitment:

• We will respond to all applicants

• We strive to review all applications fairly, without bias, and shortlist based on relevant skills and experience.

• All active candidates will be informed of what is happening next in the process.
  

About Timescale🐯

Timescale is the creator of TimescaleDB and PGVectorscale, trusted by tens of thousands of organizations for their mission-critical applications. We're committed to empowering developers and businesses worldwide, helping them build data-driven products that measure everything that matters—from software applications and industrial equipment to financial markets, blockchain activity, consumer behavior, machine learning models, and climate change.

👉 Want to get a feel for how we work and what we value? Check out our blog post: What It Takes to Thrive at Timescale

By analyzing data across time, developers gain insights into what’s happening, how it’s changing, and why. With a global, fully remote workforce, Timescale is supported by top investors, including Tiger Global, Benchmark Capital, NEA, Redpoint Ventures, Icon Ventures, and Two Sigma Ventures.

Enjoy debating the crunch-factor of different chicken nuggets 🍗, sweating it out during lunch 💦, talking about your kids, whether they be actual children 👶🏽, potted plants 🌱, or four-legged creatures 🐾? You’ll fit right in at Timescale!

Our Tech stack: 

We share our tech stack with the caveat that we don’t require previous experience in it (but a love of these languages is helpful): Timescale's tech stack includes TimescaleDB, built on PostgreSQL, along with AWS, Go, Docker, Kubernetes, and Python for scalable time-series data management.

To learn more, visit www.timescale.com or follow us on Twitter @TimescaleDB.

What we’re offering

Benefits may differ from country to country.

• Flexible PTO and family leave

• Fridays off in August 😎

• Full remote work from almost anywhere

• Stock options

• Monthly WiFi stipend

• Professional development and educational benefits 📚

• Premium insurance options for you and your family (US employees)