SecurityEngineer

Ibotta is seeking a Security Engineer with a deep expertise in Application Security, Vulnerability Management, and Cloud Infrastructure to join our innovative team and contribute to our mission to Make Every Purchase Rewarding. In this role, you will be ensuring the security of our software development lifecycle (SDLC) and our cloud-native environments. A key focus of this position will be addressing the emerging security challenges posed by Artificial Intelligence (AI) technologies, specifically around secure AI coding practices and the infrastructure that supports AI/ML workloads.   This position is located in Denver, Colorado as a hybrid position requiring 3 days in office (Tuesday, Wednesday, and Thursday). Candidates must live in the United States.   Not based in Denver? We will offer a relocation bonus to help make your move to the Mile High City a smooth one.   WHAT YOU WILL BE DOING: - Perform application security assessments, including manual code reviews and penetration testing. - Mature Ibotta’s bug bounty program to scale with AI generated submissions and attack surface. - Analyze Ibotta's application architecture to identify weaknesses and develop opportunities for improvement. - Integrate and manage SAST, DAST, and SCA tools within the CI/CD pipeline. - Lead threat modeling for new application features with key stakeholders across mobile, platform, infrastructure and AI enablement. - Develop and maintain secure coding practices, provide training to developers. - Work with Ibotta’s engineering team to design, implement, and monitor runtime and container security controls across cloud platforms (AWS/GCP). - Automate infrastructure security checks using Infrastructure as Code (IaC) scanning tools. - Evaluate the security of AI-generated code and implement guardrails for model-serving endpoints in the development process. - Stay ahead of the curve on AI-specific threats such as prompt injection, data poisoning, and model inversion. - Participate in a 24/7