Founding Security Engineer

Company Overview

Promise modernizes how government agencies and utilities support people in financial difficulty. We build technology that makes it simple for residents to receive benefits, engage with assistance programs, set up flexible payment plans, and stay on track—while helping agencies increase efficiency, recover revenue, and deliver services with dignity. Our mission is to transform public systems so they work better for everyone, especially the most vulnerable.

Our team includes experts from companies like Palantir, Google, Stripe , and esteemed government leaders. We work hard and believe deeply in what we do. We're looking for excellent people to build innovative, resilient technology.

Backed by over $50 million in funding from top investors – such as Reid Hoffman, Howard Schultz, Michael Seibel, Y Combinator, 8VC, The General Partnership, First Round Capital, Kapor Capital, XYZ Ventures, and Bronze Investments – Promise has been recognized as one of Fast Company's "World's Most Innovative Companies of 2022,” “Forbes Next Billion-Dollar Startups 2024,” and Y Combinator’s #1 GovTech startup.

We’re hiring a Founding Security Engineer to be our first dedicated security generalist who can both set strategic direction and ship concrete improvements across our entire security surface area.

Our security team orients around enabling Promise and its clients while guaranteeing a high standard of security. We look for ways to solve problems together with security as one of the key outcomes.

What you’ll do

• Build and run detection: write, tune, and respond to Python-based rules to catch anomalous activity and improve signal-to-noise.

• Partner with our Infrastructure team to secure GCP + cloud networking and improve Kubernetes security.

• Strengthen application security and help make pragmatic upgrades (e.g., Next.js, dependencies).

• Improve security through code + automation (guardrails, checks, remediation workflows).

• Own vulnerability management end-to-end: identify, prioritize, and drive fixes to closure in coordination with codeowners

• Help build a strong security culture through clear guidance, training, and partnership with engineers.

• Develop technical and policy frameworks to guide ambitious and safe AI adoption company-wide.

• Collaborate closely with engineering on secure product design and technical implementation.

What we’re looking for

• 5–8 years of experience, with meaningful time focusing on security.

• Strong understanding of cloud security + networking (GCP preferred).

• Comfortable reading code and shipping fixes; Python scripting strongly preferred.

• Experience operating security tooling (endpoint/EDR, MDM, audit logging/alerting, CSPM).

• Familiarity with GitHub, Terraform, and CI/CD security fundamentals.

• Desire to enable innovation and development

Nice to have

• WAFs / web app security controls

• Threat modeling experience

• Deep Kubernetes hardening/runtime experience

Promise is an equal opportunity employer and does not discriminate against any applicant or employee because of race, color, religion, sex, sexual orientation, gender identity, national origin, disability, genetic information, age, or military or veteran status. Additionally, the Company complies with applicable state and local laws governing non-discrimination in employment in every jurisdiction in which it operates. Promise is committed to promoting diversity and inclusion in the workplace. We also provide reasonable accommodations to qualified individuals with disabilities, pregnant individuals, and those with sincerely held religious beliefs, in accordance with applicable laws.

Promise engages in US government contracts and restricts hiring to US persons, which includes US citizens and permanent residents (e.g., Green Card holders). Additionally, candidates must reside in the US.