Senior Backend Engineer, Security

About Shelf

Shelf builds software that helps enterprises make AI work in the real world. That only works when our systems are secure, observable, and maintainable under real production pressure.

About the Role

This role is for a senior backend engineer who will focus full-time on security work.

We are not looking for a policy-only security person. We are looking for a hands-on engineer who can improve our security posture by changing real systems, fixing real problems, and following through until the work is fully implemented and maintained.

This role is embedded close to support and operational engineering, so it stays connected to real incidents, real customer impact, and real follow-through. The scope is broader than one team. You will work across the company’s engineering surface wherever security work needs to land.

What You Will Own

• Find and fix concrete security issues in production systems, not just identify them.
• Improve token lifecycle, revocation, auth flows, auditability, and access controls across backend systems.
• Reduce or eliminate security-sensitive data exposure in logs, events, traces, and internal tooling.
• Improve security detection, logging, and audit trails so incidents are easier to detect, investigate, and contain.
• Rotate secrets, reduce long-lived credentials, tighten access, and relentlessly follow through on overdue security hygiene work.
• Review security findings from scanners and assessments, separate signal from noise, fix valid issues quickly, and improve the underlying architecture where needed.
• Sweep broadly when necessary, including across many repositories and services, rather than stopping at local ownership boundaries.
• Contribute to AI-security and modern application-security work where relevant, including risks introduced by new AI initiatives.
• Write useful technical documentation, post-incident follow-ups, and implementation notes that help security work stay real after the first fix lands.

What Strong Performance Looks Like

• Security improvements actually land in production and stay maintained over time.
• Important follow-through work does not get dropped because it is tedious, cross-cutting, or spread across many repos.
• You can tell the difference between a theoretical issue and a real one, and you act with urgency when the risk is real.
• Incidents lead to better systems, tighter controls, and faster detection instead of only better wording in a document.
• Teams trust you because you improve security by doing the work, not by adding ceremony around it.

What We Are Looking For

• Strong senior-level backend engineering experience in production systems.
• Real hands-on experience implementing security improvements in code, infrastructure, or operational workflows.
• Experience with application-security topics such as auth, token handling, access control, audit trails, logging, secrets, vulnerability remediation, or incident follow-through.
• Strong debugging and investigative instincts. You can trace ugly real-world issues through code, logs, and system behavior.
• Comfort working across many services and repositories when the problem requires a broad sweep.
• Ability to go from problem statement to implementation to enforcement with real ownership.
• Clear written and verbal communication. You can explain risk, trade-offs, and follow-up work without hiding behind vague security language.
• AI-native working style. You already use AI tools in your daily engineering workflow and know how to verify their output.

Strong Plus

• Experience improving security posture after real incidents or near-miss events.
• Experience with AI-security, OWASP AI topics, or securing LLM-enabled systems.
• Experience improving queryability, logging, and forensic visibility for incident response.
• Experience moving systems from weak defaults to safer patterns such as stronger token handling or better credential models.

How We Evaluate Fit

We care more about implementation, enforcement, and follow-through than about certifications, policy language, or security theater. If you are the kind of engineer who sees a real security gap and closes it across the codebase instead of writing a recommendation and walking away, we want to talk.

What Shelf Offers:

• B2B contract.
• Company Stock Options.
• Hardware: MacBook Pro.
• Modern technical stack. Develop open-source software.
• GitHub Copilot subscription.
• Access to Claude Code, OpenAI Codex, TypingMind, and MCP Servers.

Why Shelf:

• Our Leadership Team has deep knowledge management and AI domain expertise and enterprise SaaS background to execute this plan
• We love our customers and our customers love us. Ask a Shelf customer why, and they’ll tell you it’s because of our innovative capabilities, rock-solid reliability, they truly enjoy working with our people, but most of all – it’s the improvements they see in their business KPIs.
• We have raised over $60 million in funding and our investors include Tiger Global, Insight Partners, Connecticut Innovations, and others
• We have high velocity growth powered by the most innovative product in our category, 3X growth for 3 years in a row
• We now have over 100 employees in multiple U.S. states and European countries, and we have ambitious hiring goals over the next few months

Our Values:

Quality - We’re united by our focus on world‑class Quality. Quality in all things – starting with everything that leaves your desk. Everything you touch – every email, report, campaign, and piece of code – should be outstanding. Your work product should blow people away. Having people look at what you’ve done and say, “Wow.” That’s the standard here. Remember that how you do anything is how you do everything. Focus on craftsmanship—your ability to make things better.

Momentum - for us means that you should know that the things you’re responsible for are moving forward. When you look around and see something that’s stalled, get it moving again. We pride ourselves on “ball movement.” When your boss or team leaves you with something, they should return to see measurable progress. Small, continuous movement is our recipe for success. Constantly look for how to make the work around you move forward. We want you to initiate solutions, ideas, and progress. Don’t wait for it to come to you—reach out and create movement. All the time.

Accountability - We expect every team member to feel that they are accountable for more than anyone might normally expect. Each of us should feel real responsibility for things even at the edge of our control. We consistently share and align on expectations, give each other open and respectful feedback, and use those two drivers to ensure that every agreement we make with one another is clear and complete.

Hard Work - We’re here to do something difficult together. We care intensely about the mission and we expect that from our teammates. That care means that we work hard here. Hard work comes with long hours, extra effort…and real opportunity at Shelf. Your passion for creating and sustaining output is a part of our DNA. Support each other, cheer each other on, drive the mission forward. Great teams sustain intense effort together to win.

Learning Agility - We’re innovating in one of the fastest‑moving spaces in history at a time of accelerating global change. That’s incredibly exciting and requires each of us to commit fully to learning each and every day so that we can be the best at what we do. None of us know everything. All of us can learn anything. Staying open and constantly curious is a key success driver at Shelf. It also requires humility. We prize people who are consistently humble and open to making mistakes and growing from them. Recognize also that learning itself is a skill…we need you to be really good at it. Keep dialing in your own understanding about how you learn best and push yourself to keep growing.

Adapt and Thrive - Overcoming challenges lives deep in our DNA. We have a proud history of understanding and living the reality that obstacles are our opportunities…they’re the key to our success. Change is a constant in our business and fighting change is counterproductive. We need you to be good at being uncomfortable and understand that discomfort is the key to growth. Cultivate your own ability to adapt and know that struggling well is something you’ll share with every team you’re on at Shelf. Our company stories are about thriving through real difficulty…together.

Win Together - We win or lose as a team. Always. Everything you do here is connected to the rest of the organization. Part of our shared team environment demands full honesty…real candor and directness with one another. We expect you to constantly be thinking about how to support your teammates and the company, always acting in service to our shared mission and what’s best for the organization as a whole.