Security Engineer

We’re equipping every developer to build successful products by giving them a suite of products to analyze, test, observe, and deploy new features. We currently offer product and web analytics, session replay, feature flags, experiments, a CDP, SQL access, a data warehouse, and LLM observability… and there’s plenty more to come.

PostHog was created as an open-source project during Y Combinator's W20 cohort. We had the most successful B2B software launch on HackerNews since 2012 with a product that was just 4 weeks old. Since then, more than 100,000 companies have installed the platform. We've had huge success with our paid upgrades, raised bags of money from some of the world's top investors, and have extremely strong product-led growth – 97% driven by word of mouth. 

We're growing quickly, but sustainably. We're also default alive, averaging 10% monthly revenue growth and with more than $20m ARR. We're staying focused on building an awesome product for end users, hiring a handful of exceptional team members, and seeing fantastic growth as a result.

What we value

• We are open source - building a huge community around a free-for-life product is key to PostHog's strategy.

• We aim to become the most transparent company, ever. In order to enable teams to make great decisions, we share as much information as we can. In our public handbook everyone can read about our roadmap, how we pay (or even let go of) people, what our strategy is, and who we have raised money from. We also have regular team-wide feedback sessions, where we share honest feedback with each other.

• Working autonomously and maximizing impact - we don’t tell anyone what to do. Everyone chooses what to work on next based on what is going to have the biggest impact on our customers.

Solve big problems -we haven't built our defining feature yet. We are all about acting fast, innovating, and iterating.

We’re looking for a Security Engineer to take our security game to the next level. You’ll help shape how we think about security across the company, and build the systems that protect our customers and data. You’ll have a ton of autonomy and a real chance to make an impact – both in how secure we are and in how quickly we can move as a team. If you enjoy switching between strategy and shipping, you’ll love this role..

• Plan and build a practical security roadmap that fits our goals and how we work

• Review architecture and product designs to bake in security early

• Set up and run the next key controls we need – access, encryption, monitoring, etc.

• Run assessments like pen tests, vuln scans, and code reviews

• Write and maintain lightweight policies and practices that people actually follow

• Lead incident response when needed – investigate, contain, and fix

• Work with engineers to improve our level of security in how we build and ship products

• Hands-on experience building and running security infrastructure

• Strong knowledge of app, cloud, and network security

• Led or owned security projects or programs before

• Self-starter who can set priorities and get stuff done

• Good at balancing security with developer experience

• Comfortable using open-source tools to solve security problems

• Big on automation and reducing manual steps

• Cloud experience (AWS, GCP, Azure – we’re on AWS)

• Been a first or early hire in a security role at a startup

• Built up a security program from scratch

• Familiar with DevSecOps and related tooling

• Contributed to open-source security projects

• Implemented shift-left security practices in dev workflows

We believe people from diverse backgrounds, with different identities and experiences, make our product and our company better. That’s why we dedicated a page in our handbook to diversity and inclusion. No matter your background, we'd love to hear from you! Alignment with our values is just as important as experience! 🙏

Also, if you have a disability, please let us know if there's any way we can make the interview process better for you - we're happy to accommodate!