Skip to main content
TryApplyNow
Ibotta logo

Security Engineer

Ibotta
Full TimeHybrid
Hybrid - DenverPosted 4 weeks ago

Role Overview

Ibotta is hiring a Security Engineer. This is a full-time hybrid role, based in Hybrid - Denver. Part of Ibotta's Lifecycle hiring. Full responsibilities, required qualifications, and the apply link are listed in the description below.

Salary Context

Salary is not disclosed in this posting. Market median for Lifecycle roles is $100k-$140k (based on 134 comparable listings). Many employers share specifics during the interview process or after an initial screen.

Resume Keywords to Include

Make sure these keywords appear in your resume to improve ATS scoring

PythonJavaGoAWSGCPDockerKubernetesTerraform

Job description

Ibotta is seeking a Security Engineer with a deep expertise in Application Security, Vulnerability Management, and Cloud Infrastructure to join our innovative team and contribute to our mission to Make Every Purchase Rewarding. In this role, you will be ensuring the security of our software development lifecycle (SDLC) and our cloud-native environments. A key focus of this position will be addressing the emerging security challenges posed by Artificial Intelligence (AI) technologies, specifically around secure AI coding practices and the infrastructure that supports AI/ML workloads.

This position is located in Denver, Colorado as a hybrid position requiring 3 days in office (Tuesday, Wednesday, and Thursday). Candidates must live in the United States.

Not based in Denver? We will offer a relocation bonus to help make your move to the Mile High City a smooth one.

WHAT YOU WILL BE DOING:

  • Perform application security assessments, including manual code reviews and penetration testing.
  • Mature Ibotta’s bug bounty program to scale with AI generated submissions and attack surface.
  • Analyze Ibotta's application architecture to identify weaknesses and develop opportunities for improvement.
  • Integrate and manage SAST, DAST, and SCA tools within the CI/CD pipeline.
  • Lead threat modeling for new application features with key stakeholders across mobile, platform, infrastructure and AI enablement.
  • Develop and maintain secure coding practices, provide training to developers.
  • Work with Ibotta’s engineering team to design, implement, and monitor runtime and container security controls across cloud platforms (AWS/GCP).
  • Automate infrastructure security checks using Infrastructure as Code (IaC) scanning tools.
  • Evaluate the security of AI-generated code and implement guardrails for model-serving endpoints in the development process.
  • Stay ahead of the curve on AI-specific threats such as prompt injection, data poisoning, and model inversion.
  • Participate in a 24/7 on-call rotation and incident response.
  • Embrace and uphold Ibotta’s Core Values: Integrity, Boldness, Ownership, Teamwork, Transparency & A Good Idea Can Come from Anywhere

WHAT WE ARE LOOKING FOR:

  • 4+ years in security engineering, application development, or application security.
  • Proficiency in languages like Python, Go, or Java; experience with Docker/Kubernetes.
  • Basic knowledge of networking security is a plus.
  • Strong knowledge of AWS security services and IaC (Terraform). Experience writing secure IAM policies and other configurations in Terraform a plus.
  • Understanding of Continuous Integrations/Testing/Delivery
  • Strong understanding of Web API security patterns and modern authentication protocols.
  • Familiarity with OWASP Top 10 and implementing technical controls to address vulnerabilities.
  • Working knowledge of web application testing tools.
  • One or some combination of the following are a plus but not required: CompTIA SecAI+, eCPPT, eWPT, GWAPT, OSCP, or similar.
  • Must have the ability to work effectively across the organization/collaborate effectively with both technical and non-technical team members, possess excellent oral & written communications skills, and demonstrate effective problem-solving skills.
  • Experience building custom security tooling or automation scripts.

About Ibotta ("I bought a...")

Ibotta (NYSE: IBTA) is a leading performance marketing platform allowing brands to deliver digital promotions to over 200 million consumers through a network of publishers called the Ibotta Performance Network (IPN). The IPN allows marketers to influence what people buy, and where and how often they shop – all while paying only when their campaigns directly result in a sale. American shoppers have earned over $2.6 billion through the IPN since 2012. The largest tech IPO in history to come out of Colorado, Ibotta is headquartered in Denver, and is continually listed as a top place to work by The Denver Post and Inc. Magazine.

To learn more about what our Tech teams are doing day to day, visit Building Ibotta on https://medium.com/building-ibottaMedium.com http://Medium.com.

Additional Details:

  • This position is located in Denver, CO and includes competitive pay, flexible time off, benefits package (including medical, dental, vision), Employee Stock Purchase Program, and 401k match. Denver office perks include paid parking, snacks, and occasional meals.
  • Base compensation range: $115,000 - $130,000. Equity is included in overall compensation package. This compensation range is specific to the United States labor market and may be adjusted based on actual experience.
  • Ibotta is an Equal Opportunity Employer. Ibotta’s employment decisions are made without regard of race, color, religion, national origin, age, sex, marital status, ancestry, physical or mental disability, veteran status, gender identity, sexual orientation, or any other legally protected status.
  • Applicants must be currently authorized to work in the United States on a full-time basis.
  • Applicants are accepted until the position is filled.
  • For the security of our employees and the business, all employees are responsible for the secure handling of data in accordance with our security policies, identifying and reporting phishing attempts, as well as reporting security incidents to the proper channels.

Recruiting Agency Notice

Ibotta does not accept agency resumes and is not responsible for any fees related to unsolicited resumes. Please do not forward resumes to any Ibotta employees.

#LI-Hybrid

#BI-Hybrid

About Ibotta

Ibotta logo

Ibotta

LifecycleHybrid

34 other open roles at Ibotta on TryApplyNow.

Frequently Asked Questions

How do I apply for the Security Engineer position at Ibotta?

Use the Apply button above to submit your application directly to Ibotta. Most applications take less than 5 minutes if your resume and contact details are ready, and you'll be routed to the employer's official application system to finish.

Is the Security Engineer role at Ibotta remote or in-office?

This is a hybrid role based in Hybrid - Denver. Expect a mix of in-office and remote days, with the specific cadence set by the hiring manager.

What does a Security Engineer at Ibotta earn?

Ibotta has not disclosed a salary range in this posting. Many employers share specifics later in the interview process; you can also ask during a recruiter screen if compensation transparency is important to you.

When was the Security Engineer role at Ibotta posted?

This role was posted on June 10, 2026 (30 days ago). It's still listed as actively hiring; we re-confirm openings against the source system multiple times per day and remove closed roles.

AI-powered job search

Get every job scored to your resume

Upload your resume and get jobs ranked, your resume tailored, and employee contacts found automatically.

Get started free

No credit card to start