Job Description

The Opportunity

We're forming a Security Enablement Team that makes it easy for every engineering team at Veo to build, ship, and operate secure systems. You'll focus on the product security slice, partnering with product teams to bake security into how we build rather than bolting it on at the end. As an enablement function, the team does not own product components day to day. We build the paved roads, tooling, and patterns that let product teams ship secure code by default. You'll join during a pivotal moment: we're standing the team up, defining what "secure by default" looks like at Veo, and rolling out the first paved roads for SDLC checks, secret handling, and safe data access patterns. You'll have direct impact on how 100+ engineers write, review and ship code. This isn't a gatekeeping or red-team role. The Security Enablement Team is enablement-first: we build paved roads and shared tooling that other teams adopt, not run components on their behalf.

What You Will Do

You'll join the Security Enablement Team with shared ownership of the team’s mission and clear focus on product security. You’ll work closely with product teams, pair on complex problems, and build reusable solutions that help teams own security in their own systems.

Build lightweight SDLC checks for unsafe queries, secrets in code, and credential handling, wired into the developer workflow

Establish patterns for safe data access, browser-side credential handling, and memory-safe handling of sensitive data

Build automated checks that surface drift when previously secured surfaces (for example, playgrounds and internal tooling) regress, so the owning teams get a signal and can act on it

Build the intake and tracking system that classifies penetration test findings on the product and surfaces them to owning teams with tracked SLAs

Create clear documentation and self-service tooling that help product engineers make secure choices without needing security expertise.

Help automate product-security control evidence for GRC, reducing manual follow-up and making controls easier to prove.

As the team matures, you'll have opportunities to shape the company's secure-by-default patterns, threat modeling practices, and the security review process for new product surfaces.

What You Could Bring

You likely have several years of production software engineering experience and have applied security thinking in real engineering workflows, not only in reviews or audits. In practice, that looks like:

Full SDLC understanding: You've shipped product code in production and understand how security fits into real engineering workflows

Practical security experience: You've surfaced and fixed issues like SQL injection, unsafe query patterns, secrets in code, and unsafe handling of credentials in the browser

Generalist depth: You're comfortable across backend, frontend, and the integration points where most security issues live.

Platform-as-product mindset: You've built or contributed to internal tooling that real teams use, gathered feedback, and measured impact on developer productivity

CI/CD familiarity: You know how to add security feedback to build and deployment pipelines without creating unnecessary friction, including checks for dependencies, secrets, static analysis, and pipeline identity.

Carrot-not-stick instinct: You build guard rails into tools developers already use, and reach for manual review only as a last resort

Collaboration: You work through discussion and feedback, share context effectively, and write things down

Nice to have: experience with SAST/DAST tooling, dependency scanning, supply chain security (SLSA, signing), and security review for cloud-native applications.

How We Work