We are looking for a Security Engineer to lead MCP-driven security automation with a primary focus on software supply chain security.
You will design and operate an MCP-based orchestration layer that connects security tooling, policy controls, and engineering workflows to prevent, detect, and respond to supply chain risks across multiple repositories and build pipelines. GHAS remains part of the ecosystem, but the core mission is to standardize, automate, and govern supply chain security end-to-end.
Responsibilities
- Build and own MCP-based orchestration: develop MCP servers/tools to automate security checks, enrichment, triage, and reporting across repos and CI/CD
- Implement guardrails and governance for MCP flows: least privilege, allowlists, input validation, secure secrets handling, audit logs, and monitoring
- Drive supply chain security program execution: dependency risk management, SBOM generation/verification, provenance and integrity controls, and policy enforcement in pipelines
- Integrate and tune security tooling (GHAS/CodeQL where relevant) to improve coverage and reduce noise across multi-repo environments
- Enable engineering teams: remediation playbooks, automation-first workflows, and measurable adoption
Requirements
- Solid experience in security engineering with a focus on automation and secure software development practices
- Hands-on expertise with CI/CD systems and integrating security controls into automated pipelines
- Proficiency in using GitHub for code management, workflow automation, and security tool integration
- Practical knowledge of Static Application Security Testing (SAST) and Interactive Application Security Testing (IAST) methodologies and tools
- Familiarity with Large Language Models (LLMs) and their application in security or automation contexts
- Understanding of Model Context Protocol (MCP) concepts or similar orchestration frameworks for connecting security tools and engineering workflows
- Strong grasp of secure coding principles, policy enforcement, and risk management in the software supply chain
- English proficiency at B2 level or higher
Nice to have
- Experience developing with Go or Python for building automation tools or security solutions
- Exposure to cloud platforms, especially Google Cloud Platform (GCP), for deploying and managing security services
- Working knowledge of Kubernetes for orchestrating containerized applications and integrating security controls
- Familiarity with Infrastructure as Code (IaC) tools such as Terraform for automating infrastructure and security configurations