Senior Security Engineer

ngrok is an all-in-one cloud networking platform that secures, transforms, and routes traffic to services running anywhere. Instead of cobbling together nginx, NLBs, VPNs, model routers, and oodles of other tools, developers solve every networking problem with one gateway. Doesn’t matter if they’re sharing localhost or running AI workloads in production.

We're trusted by more than 9 million developers at companies like GitHub, Okta, HashiCorp, and Twilio. What started as a way to put your local app on a public URL has grown into a universal gateway for API delivery, AI inference, device fleets, and site-to-site connectivity. It’s the same ngrok that millions of developers have loved and leaned on every day for years, now with the power to run production traffic at scale.

A few things you should know:

• We are obsessed with our pets, Viper sunglasses and Bufo (yes, the toad)
• We have a designated Chief Emoji Officer - they are vital to our success!
• We like software that’s serious and culture that’s not

Still reading? Good. There's more below worth your time.

Security at ngrok is being built from the ground up, and this role is the foundation. ngrok sits at a uniquely sensitive position in the internet stack: traffic flows through us, and the developers and companies who rely on us trust us with that. As our first dedicated Security Engineer, you won't be inheriting a sprawling program or a backlog of someone else's decisions. You'll be defining how security works here — partnering closely with engineering, infrastructure, and leadership to build automated guardrails, opinionated defaults, and self-service tooling that scale with the team rather than slow it down. The threat landscape is shifting fast, and we want a security posture we're proud to stand behind.

• →Audit the current state of security tooling, pipeline coverage, cloud posture, and detection capabilities, and turn that into a prioritized security roadmap tied to ngrok's business objectives
• →Ship developer-facing security tooling: automated checks in CI/CD, secrets scanning, dependency vulnerability tracking, and secure-by-default libraries that make the right choice the easy choice
• →Run a structured risk assessment across product and infrastructure to document what we know, what we don't, and what needs to change
• →Establish guardrails for how we use AI in our engineering pipeline — policies and tooling that let us move fast without introducing new risk classes
• →Stand up baseline detection and response: log coverage, alerting, and a documented incident response process
• →Own the security engineering program end-to-end over time — clear ownership, documented controls, meaningful metrics, and an internal security platform (reusable libraries, self-service tooling, automation) that reduces the security burden on every engineer

• You've worked in a security engineering role where you shipped tooling, built automation, or owned security infrastructure — not just reviewed it
• You have strong engineering fundamentals and are comfortable writing quality code in Go or Java, Rust, C, C++
• You know how to integrate security checks into CI/CD pipelines without slowing teams down
• You have hands-on experience with cloud security, particularly AWS (IAM, VPC, CloudTrail, GuardDuty)
• You understand AI/ML security risks like prompt injection, insecure code generation, and LLM-assisted attack vectors
• Bonus Points:
  • You've built internal security platforms or developer-facing security tooling
  • You've done detection engineering — writing detection rules, tuning signals, reducing alert fatigue
  • You've secured networking or developer infrastructure products

ngrok runs entirely on AWS. Engineers develop by using remote development tools and/or ssh to connect to remote EC2 environments that run a full Kubernetes cluster of the ngrok stack, closely mirroring production. The codebase is primarily Go and TypeScript. We use Postgres for persistence, Kafka for streaming, Protobuf for service boundaries, and Kubernetes, Terraform, Helm, and Buildkite to operate and ship reliably. React is used for user interfaces, and GitHub supports our development workflows and remembers everything.

This is a remote position for candidates outside of the Bay Area and a hybrid role for candidates within commuting distance to San Francisco. Our Bay Area employees commute to the office on Tuesdays and Wednesdays.

All candidates must be US-based, and legally authorized to work in the United States.

At this time, ngrok is unable to provide visa sponsorship for this position. Applicants must be authorized to work in the United States on a permanent, ongoing basis without the need for current or future sponsorship.

• Tier 1 (SF, LA, Seattle, NYC): $234,000 – $286,000
• Tier 2 (rest of US): $215,280 – $263,120

Job level and actual compensation will be evaluated based on factors including, but not limited to, qualifications objectively assessed during the interview process (including skills and prior relevant experience, potential impact, and scope of role), internal equity with other team members, market data, and specific work location. We provide an attractive mix of salary and equity.

#LI-Hybrid