Cresta
Software Security Engineer
Job Summary
The role involves supporting Cresta's security and compliance initiatives, including implementing and collaborating on product security features and extending the DevSecOps pipeline. The candidate will conduct security audits, support compliance with standards such as SOC2, ISO 27001, PCI-DSS, and HIPAA, and improve vulnerability management processes. Qualifications include at least 4 years of experience in application and cloud security, knowledge of security operations, and proficiency in Python and Go. The position is open in the US and Canada and offers a benefits package alongside a competitive salary and possible equity.
Job Description
About the role:
Interested in defining how AI shapes the future of work? Cresta is on a mission to make every knowledge worker 100x as effective, 10x faster and 10x better. Cresta is focused on using AI to help the workforce, not replace them. Cresta uses our patented Expertise AI to uncover expert insights from every conversation and put those insights into action with real-time coaching during customer conversations.
We’re growing fast! Spun out of the Stanford AI lab and chaired by Google-X founder Sebastian Thrun, Cresta launched in 2020. Since then, we’ve grown revenue and our team by 300%! We’ve assembled a world-class team of AI and ML experts, go-to-market leaders, and top-tier investors and advisors including Andreessen Horowitz, Greylock Partners, Sequoia, and former AT&T CEO John Donovan. Our valued customers include brands like Intuit, Porsche, Adobe, and Dropbox and we have been recognized as a startup to watch by Business Insider, Forbes, and Gartner to name a few.
We have huge ambitions and are looking for stellar candidates who have an entrepreneurial mindset and are excited to use cutting-edge AI to solve real-world business problems. Cresta is seeking a passionate individual with solid security engineering experience to support the security & compliance team and enable growing global data protection and cybersecurity efforts.
Responsibilities:
- Implement and collaborate on Product security features
- Mature and extend our DevSecOps pipeline
- Detect, defend, and respond to threats to Cresta and its customers
- Support SOC2 Type II, ISO 27001 & 27701, PCI-DSS, TISAX, and HIPAA audit processes with technical controls and evidence
- Perform security audits of Cresta's products and cloud infrastructure and drive remediation of security risks
- Improve and monitor Cresta's vulnerability management program to ensure we're monitoring and mitigating known vulnerabilities.
- Develop internal tooling and automation
Qualifications We Value:
- Ambitious, passionate and results-oriented, with excellent interpersonal and communication skills
- 4+ years of experience in application security engineering and cloud security (AWS/GCP)
- Security domain knowledge across many cyber security disciplines
- Experience in static code analysis and remediation
- Experience in security operations (SOC) and incident response
- Working knowledge of Python and Go to develop and collaborate with engineering on product security features
- Experience managing competing efforts and requirements
- Experience with fast-growing SaaS startups
Compensation for this position includes a base salary, equity, and a variety of benefits. Actual base salaries will be based on candidate-specific factors, including experience, skillset, and location, and local minimum pay requirements as applicable. We are actively hiring for this role in the US and Canada. Your recruiter can provide further details.
Cresta
Cresta was founded with the goal of using AI to help people learn high-value skills and, in doing so, make business radically more productive. Cresta’s team of world-renowned AI thought leaders, industry experts, and top-tier investors leans on experience from scaling companies like Google, Facebook, and OpenAI on our march towards helping professionals become experts on day one.
Safe Remote Job Search Tips
Verify Employer Thoroughly
Research the company's identity thoroughly before applying. Check for a professional website with contacts, active social media, and LinkedIn profiles. Verify details across platforms and look for reviews on Glassdoor or Trustpilot to confirm legitimacy.
Never Pay to Get a Job
Legitimate employers never require payment for applications, training, background checks, or equipment. Always reject upfront payment requests or demands for bank details, even if they claim it's for purchasing necessary work gear on your behalf.
Safeguard Your Personal Information
Protect sensitive data like SSN, bank details, or ID copies. Share this only after accepting a formal, written job offer. Ensure it's submitted via a secure company system or portal, never through insecure channels like standard email attachments.
Scrutinize Communication & Interviews
Watch for communication red flags: poor grammar, generic emails (@gmail), vague details, or undue pressure. Be highly suspicious of interviews held only via text or chat apps; legitimate companies typically use video or phone calls.
Beware of Unrealistic Offers
If an offer's salary or benefits seem unrealistically high for the work involved, be cautious. Research standard pay for similar roles. Offers that appear 'too good to be true' are often scams designed to lure you into providing information or payment.
Insist on a Formal Contract
Always secure and review a formal, written job offer or employment contract before starting work or sharing final personal details. Ensure it clearly defines your role, compensation, key terms, and conditions to avoid misunderstandings or scams.