Lead Security Engineer

About Us

HighLevel is an AI powered, all-in-one white-label sales & marketing platform that empowers agencies, entrepreneurs, and businesses to elevate their digital presence and drive growth. We are proud to support a global and growing community of over 1 million businesses, comprised of agencies, consultants, and businesses of all sizes and industries. HighLevel empowers users with all the tools needed to capture, nurture, and close new leads into repeat customers. As of mid 2025, HighLevel processes over 4 billion API hits and handles more than 2.5 billion message events every day. Our platform manages over 470 terabytes of data distributed across five databases, operates with a network of over 250 microservices, and supports over 1 million hostnames. Our People With over 1,500 team members across 15+ countries, we operate in a global, remote-first environment. We are building more than software; we are building a global community rooted in creativity, collaboration, and impact. We take pride in cultivating a culture where innovation thrives, ideas are celebrated, and people come first, no matter where they call home. Our Impact As of mid 2025, our platform powers over 1.5 billion messages, helps generate over 200 million leads, and facilitates over 20 million conversations for the more than 1 million businesses we serve each month. Behind those numbers are real people growing their companies, connecting with customers, and making their mark - and we get to help make that happen. Learn more about us on our YouTube Channel or Blog Posts \n What You’ll Be Doing: Perform and lead manual and automated penetration testing across applications, APIs, and cloud services Drive threat modeling and secure architecture reviews across app and infrastructure layers Collaborate with Infra/DevOps on cloud network architecture, including VPC design, security groups, routing, and segmentation Design and advise on cloud-native security controls — IAM hardening, role boundaries, secrets management, least privilege Evaluate and improve Kubernetes and container security posture (runtime, image, and network layers)Implement secure-by-default patterns across SDLC, CI/CD, and Infrastructure-as-CodeMonitor emerging threats, CVEs, and vulnerabilities relevant to our stack (web, cloud, infra) Influence internal security tooling, automation pipelines, and security review processes Serve as a security advisor to engineering, SRE, and product teams across key projects What You’ll Bring: 8+ years of total experience in Application Security, Security Engineering, or Penetration Testing roles Strong hands-on experience with threat modeling, secure architecture reviews, and pen testing Familiar with OWASP Top 10, STRIDE, and modern security frameworks Experience with tools like Burp Suite, ZAP, Snyk, Metasploit, Semgrep Ability to read and analyze code (e.g., JavaScript, Go, PHP, or Node.js)Working knowledge of cloud security principles (preferably AWS)

Preferred Qualifications

Experience with multi-tenant SaaS platforms or white-labeled architectures Familiarity with network-level security concepts: VPC design, IAM, zero-trust networksExposure to container security (Docker, Kubernetes) Background in B2B SaaS, especially servicing regulated industries (health, legal, finance) Hands-on with IaC security and CI/CD pipelines (e.g., GitHub Actions, Terraform) \nEqual Employment Opportunity Information The company is an Equal Opportunity Employer. As an employer subject to affirmative action regulations, we invite you to voluntarily provide the following demographic information. This information is used solely for compliance with government record keeping, reporting, and other legal requirements. Providing this information is voluntary and refusal to do so will not affect your application status. This data will be kept separate from your application and will not be used in the hiring decision.