hybrid
Staff Software Engineer, Security & AI Platform
Gusto is seeking two Staff Software Engineers for its Product & AI Security Engineering team. In this role, you will define and evolve the security foundations, architecture, and standards for Gusto's products and AI/LLM experiences, focusing on authentication, authorization, and safe data handling. You will design, build, and operate security systems, strengthen core service protections, and build security platforms and tooling for product and AI teams.
About the Role
We’re hiring two Staff Engineers for our Product & AI Security Engineering team. You’ll own and evolve the security foundations behind Gusto’s products and AI/LLM experiences, from authentication and authorization at scale to securing core services and data. You'll define the security architecture and standards for those products and experiences, set the direction for authentication, authorization, and safe data handling, and build the platforms and guardrails that other teams rely on.
Here’s what you’ll do day-to-day:
- Design, build, and operate authentication and authorization systems that work at Gusto scale.
- Strengthen core services and data protections, including access control, storage, and APIs.
- Detect and mitigate account takeover and other abuse, improving safety for our customers.
- Build security platforms and tooling that help product and AI teams move quickly and safely.
- Own and improve high-availability security and identity services that other teams depend on.
- Tackle ambiguous AI/LLM security problems from threat modeling to practical mitigations.
- Provide leadership in promoting security and software engineering excellence.
Here’s what we're looking for:
- 10+ years of experience as a backend engineer, building and operating large-scale server-side services and APIs.
- Proven track record building secure, highly available distributed systems and services.
- Hands-on experience with modern security tooling and practices (e.g., SAST, DAST, SIEM, SCA).
- Proficiency in one or more of: Ruby, Python, Kotlin, JavaScript/TypeScript.
- Experience with AI tools for coding (e.g., Cloud Code, Cursor, GitHub Copilot).
- Strong collaboration skills and comfort breaking down complex, cross‑cutting security and AI problems into clear, practical solutions.
Required:
- Strong backend software engineering skills — you write clean, scalable, well-tested code.
- Experience building and operating high-availability services at scale.
- Ability to partner cross-functionally and communicate technical tradeoffs clearly.
- Genuine interest and desire to grow within the security domain — you don't need to have worked in security before, but you're excited to get started.
Nice to have:
- Experience with authorization platforms/policy engines (e.g., Open Policy Agent, SpiceDB) and technologies like GraphQL, gRPC, Kubernetes, Terraform, Traefik, Flask, Okta.
- Experience with authentication and authorization, such as SAML/SSO, RBAC, and ABAC.
- Familiarity with security concepts like access control, abuse detection, or data protection.
- Prior work on security tooling or platforms.