Job Title

EvenUp is on a mission to close the justice gap using technology and AI. We empower personal injury lawyers and victims to get the justice they deserve. Our products enable law firms to secure faster settlements, higher payouts, and better outcomes for victims injured through no fault of their own in vehicle collisions, accidents, natural disasters, and more. We are one of the fastest-growing vertical SaaS companies in history, and we are just getting started. EvenUp is backed by top VCs, including Bessemer Venture Partners, Bain Capital Ventures, SignalFire, and Lightspeed. We are looking to expand our team with talented, driven, and collaborative individuals who seek to have a lasting impact. Learn more at www.evenuplaw.com. Life as an Engineer at EvenUp Location & Work Model This is a hybrid role, with an expectation of being in our Toronto office three days per week. About the Team EvenUps infrastructure team is growing rapidly to support the companys mission of ensuring personal injury victims receive fair compensation. With ambitious goals to double the size of our engineering team by the end of 2026, we are looking for a handson Senior Security Engineer to lead and scale our security efforts. Youll work across functions to design and maintain secure infrastructure, evaluating whether to build or buy solutions as we grow. Your work will be critical in safeguarding our AInative document generation platform, trusted by attorneys with over $1.5B in damages claimed to date. As a Staff Security Engineer at EvenUp, you will set security strategy, collaborate with crossfunctional partners, and drive major initiatives that secure customer data, our products, and our companys reputation. Responsibilities Risk Management: Identify and address security risks through comprehensive assessments, mitigation strategies, and execution. Code and Network Security: Ensure secure coding and implement systems to protect against unauthorized access and data breaches. Incident Response: Develop and execute incident response plans, conduct forensic analysis, and take preventive measures. Compliance and Ethics: Maintain compliance with regulations and industry standards, promote transparency, and address ethical concerns. Continuous Monitoring: Establish realtime monitoring systems, conduct regular assessments, and proactively respond to threats. Vendor & ThirdParty Security: Evaluate and secure thirdparty integrations to prevent vulnerabilities. Security Training: Educate and raise awareness for security best practices across the engineering team. Documentation & Reporting: Maintain uptodate documentation on protocols, incidents, and improvements; report regularly to stakeholders. Mentorship: Mentor and guide team members to build security expertise across the engineering organization. What We Look For 8+ years in a securityfocused engineering role, with handson technical architecture, implementation, and oversight experience Expertise in SAST/DAST, application security, and CI/CD pipeline integration Deep knowledge of AIspecific threats (prompt injection, model poisoning, membership inference, adversarial perturbation, output manipulation) Experience implementing security principles, operating system and web application security, and familiarity with the OWASP Top 10 and common threat tactics Knowledge of nextgeneration security technologies (SASE, CASB, RASP) Handson experience with patch management, software supply chain security, and artifact repositories (e.g., JFrog, Snyk) Strong programming or scripting skills in at least one language (e.g., Python, Ruby, Node.js) Relevant cybersecurity certification (CISSP, CISM, CISA, CRISC, GIAC, etc.) Uptodate on technology and vulnerability trends; ability to secure cloud computing applications and ecosystems Application/infrastructurelevel security design experience, including modern mitigation techniques (e.g., DNSSEC, cryptographic fundamentals) Strong automation skills with Python Nice to Have: Infrastructureascode or configuration management language fluency Security controls design and implementation experience GCP security architecture exposure Security compliance implementation (SOC2, HIPAA, CCPA) Penetration testing (web and infrastructure) Data loss prevention (DLP) Experience with Kubernetes #LI-Hybrid EvenUp has been made aware of fraudulent job postings and unaffiliated third parties posing as our recruiting team please know that we have no affiliation or connection to these situations. We only post open roles on our career page evenuplaw.com/careers or reputable job boards like our official LinkedIn or Indeed pages, and all official EvenUp recruitment emails will come from the domains @evenuplaw.com, @evenup.ai, @ext-evenuplaw.com, [email protected] or [email protected] email addresses. To ensure fairness and proper consideration, we do not accept resumes or expressions of interest via email or social media messages. If youre interested in a role, please submit your application directly through our careers page. Please note the above benefits & perks are for fulltime employees Benefits & Perks: As part of our total rewards package, we offer attractive benefits and perks to our employees, including: Choice of medical, dental, and vision insurance plans for you and your family Additional insurance coverage options for life, accident, or critical illness Flexible paid time off, sick leave, shortterm and longterm disability 10 US observed holidays, and Canadian statutory holidays by province A home office stipend 401(k) for USbased employees and RRSP for Canadabased employees Paid parental leave A local inperson meetup program Hubs in SanFrancisco and Toronto EvenUp is an equal opportunity employer. We are committed to diversity and inclusion in our company. We do not discriminate based on race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status. #J-18808-Ljbffr