Staff Engineer - Product Security

About this role:

Faire operates at serious scale — a global marketplace handling real money movement, sensitive business data, and the financial futures of hundreds of thousands of independent retailers and brands. Security here isn't a compliance checkbox. It's a core part of how we build, and how we grow.

We've built solid security foundations. Now we're looking for someone to take them to the next level — designing the architecture and automation that lets product engineers build securely by default, without friction. If you're energized by the challenge of making security invisible to developers while making it impossible to skip, this role was written for you.

Our Engineering organization owns the software that makes our marketplace work. Our Product Security team enables product engineering teams to develop and deploy secure software that makes that happen. We care about good engineering practice and love to write software that is secure, tested, easy to maintain, and can scale to millions of users. We build scalable, reusable frameworks; consult with product teams; listen to the data; and iterate.

As a Staff Software Engineer, Product Security, you'll be a senior technical contributor on the Product Security team -- driving the design, implementation, and automation of security systems across Faire's entire application stack. You will partner closely with Platform and Product Engineering teams to identify and mitigate security risks, lead major security initiatives, and mentor engineers across the company to raise the bar on secure engineering practices.

You will also drive cross-functional programs to ensure security is deeply integrated into our architecture, pipelines, and developer experience -- reducing risk while maintaining velocity.

Why now:

Faire has spent the last few years scaling fast -- expanding globally, growing to hundreds of thousands of retailers and brands, and building the infrastructure to match. Security has kept pace, but we've reached an inflection point. The foundations are in place. What's next requires a different kind of thinking: less reactive, more architectural. Less manual review, more automation baked into every pipeline and framework from day one.

This is a role with real room to grow. The person who takes this seat will have the opportunity to expand their technical leadership scope over time, including into infrastructure security.

What you'll own:

• Lead the design and implementation of high-impact, reusable frameworks for security use cases such as authentication, authorization, secrets management, and data protection.
• Architect and automate security controls within our development and deployment pipelines -- enabling proactive prevention, detection, and remediation of vulnerabilities at scale.
• Partner with senior engineering and platform leaders to influence system design, threat models, and architecture decisions that strengthen Faire's overall security posture.
• Drive strategic cross-functional initiatives, collaborating with Platform, Infrastructure, Risk, and Compliance teams to integrate security deeply into our technical and operational foundations.
• Mentor and guide engineers across the organization, raising the bar for secure software design, technical rigor, and security-first thinking.
• Lead complex investigations and incident response efforts, ensuring rapid, effective remediation and continuous improvement of our security systems.
• Stay ahead of emerging threats and technologies, incorporating modern security practices and automation into Faire's engineering ecosystem.

What you bring:

• Deep expertise in software security architecture and engineering, with a proven ability to design and scale security frameworks across a large, distributed system.
• Strong programming skills and experience in multiple languages (e.g., Kotlin, Python, TypeScript, Java, or Go), with the ability to influence engineering design through code and review.
• A track record of technical leadership -- driving company-wide or cross-organizational initiatives that improved security posture, developer experience, or system resilience.
• Experience building and deploying security automation at scale, including CI/CD integrations, vulnerability management pipelines, and automated testing or remediation frameworks.
• Hands-on experience with cloud environments and modern infrastructure (AWS, OCI, GCP), including Kubernetes, Terraform, and container security.
• A deep understanding of application security principles and practices, including authentication, authorization, data protection, and common web application vulnerabilities (OWASP Top 10).
• A strategic mindset -- you can balance risk reduction with engineering velocity and developer enablement.
• Excellent communication and collaboration skills, with the ability to influence senior leaders and guide engineering teams across multiple domains.
• A passion for mentoring others and cultivating a security-first engineering culture through partnership, guidance, and empathy.

Technologies we use and teach:

• Kotlin, TypeScript, Python
• AWS, OCI, Terraform, Kubernetes
• HTTP, JSON, and Protocol Buffers
• MySQL, DynamoDB, CockroachDB

Salary range:

Canada: The pay range for this role is $190,500 - 262,000 per year.

This role will also be eligible for equity and benefits. Actual base pay will be determined based on permissible factors such as transferable skills, work experience, market demands, and primary work location. The base pay range provided is subject to change and may be modified in the future.