About the Role:
We're hiring a Staff Backend Software Engineer for our Product & AI Security Engineering team. You'll own and evolve the security foundations behind Gusto's products and AI/LLM experiences-from authentication and authorization at scale to securing core services and data.You'll define and own security architecture and standards across Gusto's products and AI/LLM experiences - setting the direction for authentication, authorization, and safe data handling, and building the platforms and guardrails that other teams rely on.
About the Team:
The Product & AI Security Engineering team sits at the intersection of product, platform, and AI at Gusto. We prioritize highleverage projects that reduce risk, harden our foundations, and unlock faster delivery for other teams. We build security tools and services, embed with partner teams when needed, and set best practices for authentication, authorization, and safe data handling-especially as we adopt AI and LLMs.
Here's what you'll do day-to-day:
- Design, build, and operate authentication and authorization systems that work at Gusto scale.
- Strengthen core services and data protections, including access control, storage, and APIs.
- Detect and mitigate account takeover and other abuse, improving safety for our customers.
- Build security platforms and tooling that help product and AI teams move quickly and safely.
- Own and improve high-availability security and identity services that other teams depend on.
- Tackle ambiguous AI/LLM security problems from threat modeling to practical mitigations.
- Provide leadership in promoting security and software engineering excellence.
Here's what we're looking for:
- 10+ years of experience as a backend engineer, building and operating large-scale server-side services and APIs
- Proven track record building secure, highly available distributed systems and services.
- Hands-on experience with modern security tooling and practices (e.g., SAST, DAST, SIEM, SCA).
- Proficiency in one or more of: Ruby, Python, Kotlin, JavaScript/TypeScript
- Experience with AI tools for coding (ex: Cloud Code, Cursor, Github Copilot)
- Strong collaboration skills and comfort breaking down complex, crosscutting security and AI problems into clear, practical solutions.
Required:
- Strong backend software engineering skills - you write clean, scalable, well-tested code
- Experience building and operating high-availability services at scale
- Ability to partner cross-functionally and communicate technical tradeoffs clearly
- Genuine interest and desire to grow within the security domain - you don't need to have worked in security before, but you're excited to get started.
Nice to have:
- Experience with authorization platforms/policy engines (e.g., Open Policy Agent, SpiceDB) and technologies like GraphQL, gRPC, Kubernetes, Terraform, Traefik, Flask, Okta.
- Experience with authentication and authorization, such as SAML/SSO, RBAC, and ABAC.
- Familiarity with security concepts like access control, abuse detection, or data protection
- Prior work on security tooling or platforms
Our cash compensation amount for this role is targeted at $181,000-215,000 in Denver & most remote locations, and $218,94-260,000 in the San Francisco Bay Area, Seattle, and NYC. Stock equity is additional. Final offer amounts are determined by multiple factors including candidate experience and expertise and may vary from the amounts listed above.