About this role
Company Overview
Promise modernizes how government agencies and utilities support people in financial difficulty. We build technology that makes it simple for residents to receive benefits, engage with assistance programs, set up flexible payment plans, and stay on track—while helping agencies increase efficiency, recover revenue, and deliver services with dignity. Our mission is to transform public systems so they work better for everyone, especially the most vulnerable.
Our team includes experts from companies like Palantir, Google, Stripe , and esteemed government leaders. We work hard and believe deeply in what we do. We're looking for excellent people to build innovative, resilient technology.
Backed by over $50 million in funding from top investors – such as Reid Hoffman, Howard Schultz, Michael Seibel, Y Combinator, 8VC, The General Partnership, First Round Capital, Kapor Capital, XYZ Ventures, and Bronze Investments – Promise has been recognized as one of Fast Company's "World's Most Innovative Companies of 2022,” “Forbes Next Billion-Dollar Startups 2024,” and Y Combinator’s #1 GovTech startup.
About the RoleWe’re hiring a Founding Security Engineer to be our first dedicated security generalist who operates across the full security surface area - writing detection rules, hardening cloud infrastructure, and shipping security improvements through code.
Our security team orients around enabling Promise and its clients while guaranteeing a high standard of security. We look for ways to solve problems together with security as one of the key outcomes.
What you’ll doBuild and run detection: write, tune, and respond to Python-based rules to catch anomalous activity and improve signal-to-noise.
Partner with our Infrastructure team to secure GCP + cloud networking and improve Kubernetes security.
Strengthen application security and help make pragmatic upgrades (e.g., Next.js, dependencies).
Improve security through code + automation (guardrails, checks, remediation workflows).
Own vulnerability management end-to-end: identify, prioritize, and drive fixes to closure in coordination with codeowners
Help build a strong security culture through clear guidance, training, and partnership with engineers.
Develop technical and policy frameworks to guide ambitious and safe AI adoption company-wide.
Collaborate closely with engineering on secure product design and technical implementation.
What we’re looking for5–8 years of experience, with meaningful time focusing on security.
Strong understanding of cloud security + networking (GCP preferred).
Comfortable reading code and shipping fixes; Python scripting strongly preferred.
Experience operating security tooling (endpoint/EDR, MDM, audit logging/alerting, CSPM).
Familiarity with GitHub, Terraform, and CI/CD security fundamentals.
Desire to enable innovation and development
Nice to haveWAFs / web app security controls
Threat modeling experience
Deep Kubernetes hardening/runtime experience
How We Support Our People100% paid health coverage
Generous PTO and sick leave
Lunch, snacks, and coffee provided
Company retreats
Hybrid Work: We deeply value in-person collaboration and are in-office or on-site at least four days a week.
Promise is an equal opportunity employer and does not discriminate against any applicant or employee because of race, color, religion, sex, sexual orientation, gender identity, national origin, disability, genetic information, age, or military or veteran status. Additionally, the Company complies with applicable state and local laws governing non-discrimination in employment in every jurisdiction in which it operates. Promise is committed to promoting diversity and inclusion in the workplace. We also provide reasonable accommodations to qualified individuals with disabilities, pregnant individuals, and those with sincerely held religious beliefs, in accordance with applicable laws. To request a reasonable accommodation, please email [email protected].
Promise engages in US government contracts and restricts hiring to US persons, which includes US citizens and permanent residents (e.g., Green Card holders). Additionally, candidates must reside in the US.