Lead Security Engineer

About us

The global hiring revolution is shaping a future where talent can thrive everywhere, driving innovation and progress on a global scale.

Multiplier is at the forefront of this change. By removing barriers and simplifying global hiring, we're creating a level playing field where businesses and individuals – (like you) – can compete, grow, and succeed, regardless of geography.

Multiplier empowers companies to hire, onboard, manage, and pay talent in 150 countries, quickly and compliantly. Our mission is to build a world without limits, where ambitious businesses can look beyond borders to build their global dream teams. Our unified employment platform, complete with world-class EOR, AOR and Global Payroll products, means it has never been easier to seize the global hiring opportunity.

We're backed by some of the best in the business, (Sequoia, DST, and Tiger Global), are led by industry-leading experts, scaling fast, and seeking brilliant like-minded enthusiasts to join our team. The future is borderless. Let's build it together.

Multiplier is seeking a highly skilled Lead Security Engineer to join our engineering organization. This role is critical to designing, implementing, and maintaining robust security measures across our entire infrastructure and applications, ensuring the confidentiality, integrity, and availability of our systems. You will play a key role in building a proactive security posture and fostering a security-first culture.

• Secure Architecture & SDLC: Design and build secure systems across all layers (network, OS, application), implement AppSec and Secure SDLC practices including SAST, DAST, and SCA.
• Cloud & Container Security: Develop and enforce security best practices for containerization, ECS, and Kubernetes, and manage secrets/key management.
• API Security: Ensure the security of GraphQL and REST APIs.
• DevSecOps & Automation: Drive DevSecOps enablement by integrating security into CI/CD pipelines and implement SOAR for automated incident response.
• Security Operations (SOC): Oversee and mature SOC operations, including SIEM management, log correlation, incident response (IR) runbooks and drills, and integration of threat intelligence for proactive threat hunting.
• Vulnerability Management & Testing: Lead internal/external VAPT, conduct penetration testing (web, API, mobile, cloud), plan red/purple team exercises, coordinate phishing simulations, and manage bug bounty programs and the Coordinated Vulnerability Disclosure (CVD) process.
• Vulnerability Remediation & Hardening: Drive post-VAPT remediation, manage vulnerability scanning, track patch management/misconfigurations, establish infrastructure baselining (CIS, STIGs), and report on exposure windows.
• Collaboration & Mentorship: Collaborate with engineering, SRE, and IT to embed security, and mentor junior security engineers.

• 8 years of experience in Security Engineering, AppSec, DevSecOps, or a related security-focused role.
• Proficiency in at least one modern programming language (e.g., Go, Python, Java).
• Strong understanding of secure architecture principles for network, OS, and application layers.
• Hands-on experience with AppSec tooling (SAST, DAST, SCA) and implementing Secure SDLC.
• Proven experience with container/ECS/Kubernetes security.
• Deep knowledge of secrets and key management solutions.
• Experience with API security, including GraphQL and REST.
• Demonstrable experience with DevSecOps enablement and pipeline integrations.
• Strong knowledge of incident management frameworks and leading high-severity incident response.
• Experience with SIEM and log correlation tools.
• Familiarity with threat intelligence feeds and proactive threat hunting.
• Proven track record of conducting VAPT, penetration testing, and red/purple team exercises.
• Experience managing bug bounty programs and external security testing vendors.
• Hands-on experience with vulnerability scanning and configuration management.
• Excellent communication, documentation, and collaboration skills.

Preferred Qualifications

• Prior experience in a high-scale production environment.
• Certifications in Security (e.g., OSCP, OSWE, CISSP, GSEC, AWS Certified Security - Specialty).
• Experience with SOAR platforms and automating security workflows.
• Knowledge of compliance frameworks (e.g., ISO 27001, SOC 2).

• High-impact role with the chance to play a key role in a rapidly growing company.
• Full autonomy in your role, with the flexibility to work in a hybrid environment.
• Work with a passionate, energetic, and diverse team.
• Competitive benefits, recognition programs, and career development opportunities.
• Attractive ESOPs, giving you a stake in the company's success.
• Comprehensive health insurance coverage for you and your family's well-being.
• Generous holiday policy.
• A company that genuinely invests in your professional success.

Equal Employment Opportunity

Multiplier is an equal opportunity employer. We value diversity. We do not discriminate based on race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.