Resend
Security Engineer, Platform
1mo ago
Remoteapisecrets managementiamloggingincident responsecloud
Build and improve the security foundations of Resend's platform including API keys, service permissions, secrets management, and internal access controls.
Responsibilities
- Build and improve the security foundations of Resend’s platform, including API keys, service permissions, secrets management, tenant isolation, audit logs, and internal access controls
- Help design secure defaults for new services, workers, queues, databases, internal tools, and deployment pipelines
- Improve detection and response for suspicious access, leaked credentials, abnormal sending behavior, privilege changes, and sensitive system events
- Review and update our processes/pipelines so that security is “built-in”, not “bolt-on”
- Raise the security bar
Other
- Resend is growing fast, and there are now over 2 million developers using it. As the Platform Squad, we are responsible for the internal platform and reliability foundations that let Resend teams build, deploy, observe, and operate services safely.
- This role is fully remote based in Americas or European timezones, with some expected travel for team offsites, conferences, meetups, and more.
- Read more about how we work, how we hire, and what we value here .
- Have experience securing production infrastructure, cloud environments, APIs, developer platforms, or multi-tenant SaaS products
- Can write code and are comfortable reading application, infrastructure, and deployment code
- Understand authentication, authorization, secrets, IAM, logging, audit trails, incident response, and secure deployment pipelines.
- Independently prioritize and drive your day-to-day as the first dedicated security hire
- Prefer practical improvements over heavy processes
- Are low-ego, direct, curious, and willing to learn from others
- Care about developer experience and believe security should be easy to adopt
- Have experience with email infrastructure, transactional email, sender reputation, domain verification, SPF, DKIM, DMARC, webhooks, or abuse prevention
- Have secured cloud infrastructure using tools like AWS, Terraform, Kubernetes, Cloudflare, or similar systems
- Have experience with open source security, GitHub organization hardening, package publishing, dependency review, or supply-chain security
- Have helped a company prepare for SOC 2, ISO 27001, GDPR, enterprise security reviews, or customer trust processes without turning engineering into a compliance machine
- Have built security observability, alerting, detection pipelines, or incident response workflows
- Have worked closely with Trust & Safety, anti-abuse, fraud, or platform integrity teams
- Have experience designing security systems for high-scale developer products
- Autonomy to "just ship it"
- 100% remote team with flexible working schedules
- Modern tech stack (Next.js, Raycast, Notion, etc.)
- Honest and low-ego team
- Ownership of problems and solutions
- Comp: $120,000 - $140,000 USD, commensurate with experience
- We are building the modern email sending platform for developers. We care deeply about quality, craft, and the developer experience.
- Our fully remote team of 45 spans 13 countries and counting. We're backed by a16z, Y Combinator, and others. Meet the humans →