Why This Job is Featured on The SaaS Jobs
This Software Engineer role sits at a notable intersection of SaaS and modern developer infrastructure: securing the software supply chain across developer endpoints, open source dependencies, and CI/CD. For SaaS professionals, that domain matters because it is increasingly where product trust, compliance expectations, and platform adoption are won or lost, especially as AI coding agents become part of everyday workflows.
From a career standpoint, the work translates well across the SaaS ecosystem. Building backend services in Go for a security platform develops durable strengths in multi-tenant reliability, service design, and operating systems that must stay resilient under real-world adversarial pressure. Exposure to cloud primitives and end-to-end ownership also maps to common SaaS engineering paths, whether toward platform engineering, security engineering, or technical leadership.
The role is best suited to engineers who want to build core product capabilities rather than isolated features, and who are comfortable reasoning about risk, observability, and failure modes as first-class concerns. It will likely appeal to someone early- to mid-career who prefers hands-on implementation and is motivated by applied security problems without requiring a prior security-only background.
The section above is editorial commentary from The SaaS Jobs, provided to help SaaS professionals understand the role in a broader industry context.
Job Description
About StepSecurity
StepSecurity prevents, detects, and responds to software supply chain attacks by analyzing behavior across the full software development lifecycle for both developers and AI coding agents. We are building a vertical AI agent for supply chain security across three pillars: securing AI agents on developer machines, OSS package security, and CI/CD security, covering the entire agentic pipeline from dev environment to cloud.
Founded by Varun Sharma (ex-Microsoft, 21 years, led supply chain security for Azure) and Ashish Kurmi (ex-Uber, Microsoft, Plaid, 17 years), we are a 16-person team working on hard problems at the intersection of security, AI, and open source.
Why this role is exciting
- We are at the forefront of supply chain security research and product development. We were the first to detect several major supply chain attacks in 2025 and 2026, including the axios npm compromise and tj-actions. (https://www.stepsecurity.io/newsroom)
- Our research is regularly cited by Bloomberg, TechCrunch, Hacker News, and Dark Reading. The US Cybersecurity and Infrastructure Security Agency (CISA) has published advisories citing StepSecurity. (https://www.cisa.gov/news-events/alerts/2025/09/23/widespread-supply-chain-compromise-impacting-npm-ecosystem)
- Beyond our enterprise customers, StepSecurity has been adopted by more than 15,000 open-source projects, including projects from Microsoft, Google, Amazon, and Datadog.
- You will work on high-impact, zero-to-one problems with meaningful early-stage equity upside.
What you'll do
- Design and build backend services in Golang that power our supply chain security platform.
- Build scalable, fault-tolerant systems that operate across the full software development lifecycle.
- Work hands-on in a fast-moving, early-stage environment where you own problems end to end.
What we're looking for
- 2–5 years of experience with strong engineering fundamentals.
- Golang backend programming experience.
- Background working with AWS, Azure, or GCP.
- Experience designing scalable and fault-tolerant systems.
- Prior early-stage startup experience.
- An AI-native mindset and comfort in a hands-on, zero-to-one environment.
- A security background is a plus but not required.