Principal Security Engineer

Join Buildkite, where we help developers create faster, test smarter and innovate beyond limits.
We’re shaping the future of Scale-Out Delivery Platforms that is trusted by the worlds biggest tech companies

Remote

️ 6 weeks vacation

️ Generous tech and home office budgets

6 months paid parental leave

Coworking space budget

Equity opportunities

Healthcare and wellness

At Buildkite, our mission is to unblock every developer on the planet. We’ve rethought how software delivery should work and have built a platform that is fast, reliable, secure, and scalable to meet the needs of the most demanding high-growth tech companies globally, including Airbnb, Shopify, PagerDuty, and Lyft.

We’re looking for a Principal Security Engineer to lead the next chapter of security at Buildkite as an integral part of the Platform team. This is a high-impact senior individual contributor role where you’ll define and drive our long-term approach to security across people, systems, and product.

You will partner closely with engineering and company leadership to build a scalable, strategically-aligned security capability: one that supports autonomy, enables growth, and protects what matters most. You’ll work across teams, mentor others, and bring clarity and confidence to how we manage risk as we scale.

What You’ll Do

️ Drive Security Strategy and Leadership

• Define and lead Buildkite’s long-term security strategy, evolving our approach in partnership with Engineering Ops and company leadership
• Define and maintain our security roadmap, balancing strategic uplift with pragmatic risk management and org-wide alignment
• Define technology, people, and process requirements to meet our security goals and lead the implementation of key initiatives
• Design scalable, values-aligned security policies, frameworks, and processes that support a secure-by-default culture and enable team autonomy with accountability
• Embed security into engineering, product, and operational workflows, partnering across teams to ensure strong alignment and impact
• Uplift security capability across the business, mentoring engineers and sharing knowledge to grow maturity and confidence

• Operational Security and Risk Management

• Lead and evolve security operations, including proactive monitoring, incident readiness, and continuous improvement of detection and response
• Own and evolve our security incident response plans and processes as part of our broader incident management approach, ensuring we can detect, investigate, respond to, and learn from security incidents effectively
• Identify and drive remediation of complex vulnerabilities across infrastructure, applications, and third-party integrations
• Champion a secure-by-design mindset across engineering, embedding practices that scale with our growth and reduce organisational risk

Governance, Reporting, and Influence

• Establish executive-level security reporting, including dashboards and insights to support informed decision-making across leadership and the board
• Act as a visible, trusted advisor and thought partner, helping teams navigate challenges and make confident, risk-aware decisions
• Stay ahead of emerging risks and evolving needs, shaping strategy and driving resilience for the long term
• Foster a culture of learning, inclusion, and shared ownership, contributing to psychological safety and continuous improvement across teams

Skills and Experience You Bring

Security Expertise

• Experience leading security programs in startups or scale-ups, with proven delivery across complex environments
• Strong understanding of security and compliance frameworks and best practices (e.g. NIST CSF, SOC 2, CIS Benchmarks, OWASP)
• Experience working directly within operations and/or development teams
• Proficient in managing SIEM and/or SOAR platforms, with deep incident management skills
• Familiar with infrastructure, network, and application security in cloud environments (e.g. AWS)
• Able to recommend and design secure solutions aligned with business and engineering needs

Additional Experience We’d Value

• Experience in a range of security roles in startups or scale-ups
• Programming experience in Ruby or Go
• Experience with Terraform or other Infrastructure as Code tools
• Familiarity with software development practices such as source control and CI/CD pipelines
• Security certifications in operations, cloud, or governance
• Experience in a SOC or MSP/MSSP environment
• 3+ years working with AWS and 5+ years in operational security roles

Collaboration and Communication

• People-first mindset when solving security challenges, balancing pragmatism with strong risk awareness
• Excellent written and verbal communication skills, with the ability to explain security concepts to both technical and non-technical audiences
• Comfortable working remotely, with strong independence, proactivity, and attention to detail

Why Join Buildkite?

At Buildkite, we value kindness, autonomy, and collaboration. You’ll be joining a remote-first company where your work directly helps some of the world’s best engineering teams build and ship software faster and more safely. This is a chance to take on meaningful technical challenges, shape the future of our CI/CD platform, and improve the experience of thousands of developers every day.

You’ll also have access to a range of benefits designed to support you in doing your best work.

Equal Opportunity Employer

At Buildkite, we value diversity and celebrate all types of skills, backgrounds, and experiences. We’re dedicated to fostering an inclusive environment and providing reasonable accommodations throughout our recruitment process.

If you need any accommodations or support during the application or interview process, please reach out to us at [email protected].

Buildkite is a differently shaped company that values work-life balance and supports staff to work the ways that make sense for them. From the beginning, our goal has been to build a company that is people-centered, supportive and just a little bit weird