Staff Security Engineer

Karbon is the global leader in practice management software for growth‑minded accounting firms. We provide an award‑winning, highly collaborative cloud platform that streamlines work and communication, enabling the average accounting firm using Karbon to save 18.5 hours per week, per employee. We have customers in 34 countries and have grown into a globally distributed team, with our people based throughout the US, Australia, New Zealand, Canada, the United Kingdom, and the Philippines. We are well‑funded, ranked #1 on G2, and are building a fantastic team culture that grows rapidly and makes a global impact. Staff Security Engineer (Development & Cloud Focused) Seeking a Staff Security Engineer to join a newly formed security team focused on uplifting and maintaining Karbon’s security practices. The ideal candidate will have a passion for AppSec and be a skilled communicator and relationship builder capable of promoting and building security practices across the organization and into our development processes. Key Responsibilities Balance security and delivery — you know how to balance delivery needs with security and can communicate security risks and issues to non‑technical stakeholders. You understand when it’s important to push back, when to compromise, and how to work with delivery teams to reach a great outcome. Work effectively as part of a team — security is a team sport and you understand the need to build relationships and trust across the organization to enhance Karbon’s security posture. You are happy to answer questions and offer advice to teams that reach out for your assistance. Build and maintain — our security team is young and you are excited to bring your ideas to contribute to Karbon’s security roadmap. You keep up to date on the latest technologies and approaches but understand the importance of foundational security practices such as good account hygiene, MFA, and secret management. Autonomy — you are inherently curious, focused on continual learning, and faced with challenges and direction rather than predefined solutions; you engage fully and creatively with problems. Own your work — you take pride in your work, feeling a deep sense of responsibility for the products we develop and ensuring we keep our customers’ valuable data secure. This sense of ownership is paramount, and you share this commitment. Bring your passion and personality — your creativity, curiosity, and authentic self make the team stronger. If you’ve worked in highly political environments, you will find our culture, free from office politics and valuing openness and authenticity, a refreshing change. Qualifications 7+ years experience in a security or development role across most of the following: Collaborating with teams to review designs & implementations for security issues and embedding good security practices. Contributing to and helping drive a security roadmap. Conducting risk and vulnerability assessments of web applications and APIs and working with third‑party penetration testing companies. Triaging issues and reports and assisting teams in remedying items. Configuring and tuning SAST, SCA, and DAST tooling & WAF protections. Working with build/deployment pipelines to incorporate security tooling (GitHub Actions or Azure DevOps YAML based pipelines). Implementing security‑focused alerting and detections and automations. Conducting and facilitating organizational & developer‑focused security training. Assisting with operational security items such as EDR alerts and MDM. In addition you’ll need: Strong communication skills (spoken and written). Some of the following languages/frameworks: Microsoft .NET/C#, JavaScript, Python (we use React and EmberJS). At least one cloud platform: Azure, AWS or GCP (we use Azure predominantly). Portswigger Burp or similar. Working knowledge of PowerShell or Bash and Python. Certifications such as Offsec OSCP & AWAE, GIAC, Burp Practitioner, PJPT, Microsoft/AWS development and cloud‑related are nice to have. Why work at Karbon? Gain global experience across the USA, Australia, New Zealand, UK, Canada and the Philippines. 4 weeks annual leave plus 5 extra “Karbon Days” off a year. Flexible working environment. Work with (and learn from) an experienced, high‑performing team. Be part of a fast‑growing company that firmly believes in promoting high performers from within. A collaborative, team‑oriented culture that embraces diversity, invests in development, and provides consistent feedback. Generous parental leave. Karbon embraces diversity and inclusion, aligning with our values as a business. Research has shown that women and underrepresented groups are less likely to apply to jobs unless they meet every single criteria. If you’ve made it this far in the job description but your past experience doesn’t perfectly align, we do encourage you to still apply. You could still be the right person for the role We recruit and reward people based on capability and performance. We don’t discriminate based on race, gender, sexual orientation, gender identity or expression, lifestyle, age, educational background, national origin, religion, physical or cognitive ability, and other diversity dimensions that may hinder inclusion in the organization. Generally, if you are a good person, we want to talk to you. If there are any adjustments or accommodations that we can make to assist you during the recruitment process, and your journey at Karbon, contact us at for a confidential discussion. At this time, we request that agency referrals are not submitted for this position. We appreciate your understanding and encourage direct applications from interested candidates. #J-18808-Ljbffr