CodeRabbit is an innovative research and development company focused on building extraordinarily productive human-machine collaboration systems. Our primary goal is to create the next generation of Gen AI-driven code reviewers: a symbiotic partnership between humans and advanced algorithms that significantly outperforms individual engineers. We combine language models with human ingenuity to push the boundaries of software development efficiency and quality.
CodeRabbit is on a mission to empower developers with lean, high-performance toolsâthey move fast, and so do the threats. That's why we're looking for a battle-tested Lead Security Engineer whoâs been in the trenches and can architect, harden, and defend our infrastructure, tooling, and ecosystem.
As our Lead Security Engineer, youâll lead security engineering at CodeRabbit, infusing security into every layer of our product and infrastructure. You become the steward of resilience, incident response, and proactive defense at scale.
Own the security roadmap â craft and execute a strategic security engineering plan that aligns with CodeRabbitâs fast-paced engineering cadence.
Boost resilience â champion defense-in-depth tactics: threat modeling, secure design reviews, hardening, CI/CD integration.
Be Incident Commander â spearhead security incident response and recovery: triage, resolve, root cause, and turn those learnings into stronger systems.
Tools & automation â build or integrate security tooling (SAST, DAST, SIEM, EDR, monitoring) into the developer workflow without slowing delivery.
Embed security fluently â partner with engineering and product teams to bring secure practices early into planning and daily workflows.
Talent & culture â help to hire, coach, and mentor a scrappy, resilient security engineering team; elevate security awareness across the company.
Compliance & policy â establish security standards, frameworks, or processes that evolve as we scaleâbut remain lean and developer-friendly.
Battle-tested experience: 8+ years in security engineering, incident response, or correlated fieldsâbonus if you've led through a major production breach or targeted attack.
Technical depth: Extensive experience with security across software and infrastructureâthreat modeling, pen testing, secure CI/CD pipelines, cloud security, incident response.
Strategic mindset: Ability to translate risk into actionables, communicate tradeâoffs with engineering/product leadership.
Praxis over theory: Youâve taken production systems down (intentionally or unintentionally) and built them back stronger.
Security in chaos: Experience in pressure situationsâwith clarity, direction, and calm.
Developerâcentric approach: You can speak fluent dev-tools, empathize with fast-moving teams, and secure them without slowing them down.
Youâve implemented DevSecOps tooling and orchestrated shiftâleft security in developer pipelines.
Youâve recovered from (or prevented) a critical security event, and turned that into an engineering culture improvement.
Experience in a devâtools, SDK, or platform-heavy company.
Hacker mindset + operational discipline - pentests, disaster recovery, threat hunting, tooling, cloud environments.
Certifications like CISSP, CISM, CEH, or relevant cloud security certs.
Defend a Developer-First Future: At CodeRabbit, youâre not just protecting infrastructureâyouâre securing the next evolution of developer tools. Help fortify a product thatâs reshaping how code gets reviewed.
Real Authority & Ownership: You wonât be on the sidelines. As Lead Security Engineer, youâll define the security roadmap, lead critical incident responses, and gain full ownership of outcomesâfrom threat modeling to hardened deployment.
Impact at Velocity: Join an agile, cross-functional squad of engineers, designers, and researchers. Youâll move fast but not recklessly - embedding security in every release without slowing delivery.
Build, Break, Rebuild Stronger: Ideal for someone battle-tested; someone who's faced breaches, recovered systems, and evolved engineering culture through adversity.
Grow and Lead: We're investing in you. This role offers ongoing leadership development, mentorship opportunities, and real ownership as you eventually scale your team and operations.
Compensation That Reflects Responsibility: We deliver a competitive packageâsalary, equity, and benefitsâto match the importance and intensity of this role.
Hybrid Culture That Adapts to You: We collaborate in person in the Bay Area every week, but leave room for remote heads-down focus. Itâs security, not surveillance.
đ€ Collaborative Humans: Prioritizing collective intelligence
đ Fearless Innovators: Turning obstacles into growth opportunities
đȘ Persistent, Passionate Developers: Thriving on complex, long-term challenges
đŻ Impact-Driven Creators: Crafting intuitive tools for developers
đ§ Rapid Learners and Un-learners: Adapting quickly in our fast-paced technological world
Apply Now â If you're excited to build tools that blend intelligent systems with world-class software engineering, we'd love to meet you.
coderabbit