Role Overview
Collective is hiring a Staff Security Engineer. This is a full-time remote role, with the team based in San Francisco. Part of Collective's Lifecycle hiring. Full responsibilities, required qualifications, and the apply link are listed in the description below.
Resume Keywords to Include
Make sure these keywords appear in your resume to improve ATS scoring
Job description
About Collective:
Collective is on a mission to redefine the way businesses-of-one work. Our technology and team of trusted advisors help members achieve financial independence by taking care of everything from business incorporation to accounting, bookkeeping, tax services, and access to a thriving community, all in one integrated platform. We believe in empowering self-employed people to enjoy the same tax savings that big companies get, so they can focus on their passion, not paperwork.
Featured in Forbes, Business Insider, Yahoo, Bloomberg, Financial Times, TechCrunch, and more. We are backed by General Catalyst, Sound Ventures (Ashton Kutcher and Guy Oseary), QED Investors, Google’s Gradient Ventures, Expa, and other investors who have financed iconic companies like YouTube, Substack, Twitch, Box, Hims, Instacart, and Lyft.
About the role
We're hiring a Staff Security Engineer to own the security of Collective's member platform end to end — from how code is written and tested to how data is protected and how our systems authenticate. This is a senior individual contributor role with broad product-security scope: you'll embed security into the development lifecycle, lead threat modeling and security reviews across the platform, and own the authentication, authorization, and compliance systems that keep our members' financial and tax data trustworthy. As Collective expands its use of AI and agent-based workflows, you'll shape how those systems authenticate and operate securely. You'll work closely with Engineering, Product, and Legal to make security a first-class property of everything we ship — without slowing the team down.
What you'll do
- Own the end-to-end authentication and authorization architecture across Collective's member platform, including session management, role-based access control, and the emerging patterns needed to secure agent-based workflows and service-to-service communication.
- Drive CCPA compliance across the platform, partnering with Legal and Engineering to map data flows, implement required access and deletion controls, and establish ongoing audit and reporting mechanisms.
- Design and maintain Collective's static and dynamic application security testing (SAST/DAST) frameworks, integrating them into CI/CD pipelines so security feedback is fast, automated, and actionable for product teams.
- Lead threat modeling for new features and platform changes, collaborating with product engineers early in the design process to identify and address risk before it reaches production.
- Define and maintain security standards, policies, and runbooks that give engineering teams clear guardrails without slowing down delivery.
- Respond to and lead post-incident security reviews, driving root-cause analysis and translating findings into durable platform improvements.
- Evaluate and integrate third-party security tooling, staying current on the threat landscape relevant to fintech platforms handling sensitive financial and tax data.
What you'll bring:
- 8+ years of security engineering experience, with depth in application security and a track record of improving security posture on production platforms at scale.
- Strong expertise in authentication and authorization systems (OAuth 2.0, OIDC, SAML, JWT) and the nuances of securing both user-facing sessions and machine-to-machine flows, including AI agent authentication patterns.
- Hands-on experience building or owning SAST/DAST programs and embedding security testing into CI/CD pipelines; familiarity with tools like Semgrep, Snyk, Burp Suite, or equivalent.
- Working knowledge of CCPA (and ideally GDPR) compliance requirements as they apply to a SaaS platform handling personal financial data, including data mapping, subject rights workflows, and audit trails.
- Experience collaborating with Legal and Privacy teams to translate regulatory requirements into concrete engineering controls, not just documentation.
- Comfort operating as a senior individual contributor who influences platform direction without requiring a management chain to get things done — you write RFCs, lead design reviews, and bring engineers along through conviction and clarity.
- Product empathy: the ability to hold security rigor and member experience in the same frame, and to make the right tradeoffs with both in mind.
- Familiarity with AI-assisted development workflows and an interest in the security implications of agent-based systems is a strong plus.
What we offer
- Hybrid Work Model: Based in San Francisco with a balance of in-office and remote flexibility.
- Fresh Lunch: Provided on in-office days.
- Commuter Support: $150 monthly reimbursement for transit expenses.
- Health & Wellness: $200 quarterly reimbursement to support your well-being.
- Time Off: Flexible PTO plus 14 company holidays.
- Comprehensive Coverage: 100% medical, dental, and vision for employees; 75% coverage for dependents.
- Parental Leave: 16 weeks fully paid.
- Retirement & Ownership: 401k plan plus an equity package.
- Team Connection: Quarterly virtual events and an annual in-person summit.
About Collective
Collective
16 other open roles at Collective on TryApplyNow.
Frequently Asked Questions
How do I apply for the Staff Security Engineer position at Collective?
Use the Apply button above to submit your application directly to Collective. Most applications take less than 5 minutes if your resume and contact details are ready, and you'll be routed to the employer's official application system to finish.
Is the Staff Security Engineer role at Collective remote?
Yes. This is a remote role. The team is based in San Francisco, but the position itself does not require relocating to that office.
What does a Staff Security Engineer at Collective earn?
Collective has not disclosed a salary range in this posting. Many employers share specifics later in the interview process; you can also ask during a recruiter screen if compensation transparency is important to you.
When was the Staff Security Engineer role at Collective posted?
This role was posted on June 4, 2026 (35 days ago). It's still listed as actively hiring; we re-confirm openings against the source system multiple times per day and remove closed roles.
Similar Jobs
Managing Director of Client Services
Cgsfederal
Product Owner – Marketing Technology
Colibrigroup
Customer Success Manager, Enterprise
Heidihealth Com Au
Customer Success Manager (Enterprise)
Heidihealth Com Au
Head of GTM Operations
Heidihealth Com Au
More Jobs at Collective
View all →AI-powered job search
Get every job scored to your resume
Upload your resume and get jobs ranked, your resume tailored, and employee contacts found automatically.
Get started freeNo credit card to start