Menlo Security's mission is enabling the world to connect, communicate and collaborate securely without compromise. COVID-19 has made our mission all the more real. We support customers across various enterprises including Fortune 500 companies, 9/10 of the largest global banks and the Department of Defense.
The world has fundamentally changed. We are growing from 400 employees into the next phase of our journey, and we need passionate talent filled with empathy and agility. The right candidate for the job is ethical, hyper-organized, fanatical about seeing things through to completion, service-oriented, and humble enough to take feedback and coaching yet confident enough to provide feedback and coaching.
Menlo is well-funded for growth and our investors are second to none. They include Vista Equity Partners (“Vista”), General Catalyst, JPMC, American Express, HSBC, and Ericsson Ventures.
ABOUT THE ROLE
Menlo Security is seeking a Principal Software Engineer I for the R&D Policy Team. This team owns the full lifecycle of Menlo’s cybersecurity policy platform — the engine that defines how the product protects enterprise customers from web-based threats. That spans policy storage and management (authoring, versioning, and serving the rules that govern customer security posture), policy distribution (propagating policy changes reliably and at scale to enforcement points globally), and real-time enforcement (applying policies at traffic inspection time to block, isolate, or allow web activity). You will architect critical services across this stack, lead cross-functional initiatives, and help shape how the team builds software in an era where AI is a first-class engineering tool.
WHAT YOU WILL DO
Architect, design, and own services across the policy platform — from policy storage and versioning APIs, to the distribution pipeline that propagates rule changes to enforcement nodes, to the enforcement layer that applies policies at inspection time with low latency and high availability.
Evaluate the current state of policy management, distribution, and enforcement; design and lead a seamless modernization of the architecture that eliminates technical debt and scales for the future — without impacting customers or altering enforcement behavior.
Lead design reviews and gain consensus on architectural decisions within the Policy Team; keep module designs current and sign off on significant code and design changes.
Champion AI-assisted development practices (LLM-based coding assistants, automated test generation) and identify opportunities to embed ML/AI into policy features such as intelligent policy recommendations or anomaly-based threat detection.
Own complex projects end-to-end — requirements through deployment and monitoring — breaking work into well-scoped tasks for junior engineers and unblocking teammates to maintain velocity.
Partner with Product Management, Security, and Operations to align on requirements and schedules; produce accurate estimates and surface risks early.
Mentor engineers through code reviews and design discussions; contribute to documentation and knowledge transfer across teams.
WHAT YOU NEED
8+ years of hands-on backend development in Python, Node.js, or Go; 5+ years with cloud platforms (AWS or GCP), including managed Kubernetes (EKS/GKE).
Proven experience architecting distributed systems with strong reliability, scalability, and low-latency requirements — ideally in a security, networking, or high-throughput data path context.
Hands-on experience developing, debugging, and troubleshooting backend services in Linux environments; working knowledge of networking fundamentals (TCP/IP, TLS, HTTP/2, DNS, proxying) relevant to policy enforcement work.
Experience with policy or rules engines, configuration distribution systems, or real-time traffic inspection is a strong plus.
Demonstrated experience designing and executing large-scale data or schema migrations in live production systems — ideally with multi-tenant, zero-downtime, and behavioral-equivalence requirements.
Proficiency with data storage and analytics technologies such as Redis, PostgreSQL, MySQL, and Apache Druid or similar OLAP systems.
Hands-on experience with AI-assisted development tools (GitHub Copilot, Cursor, Claude Code, Gemini, or similar) and familiarity with LLM APIs and responsible AI practices in production.
Strong knowledge of HTTP security; experience with web security — URL classification, content filtering, or threat intelligence — is highly desirable.
Experience with FedRAMP, SOC 2, or FIPS 140-2/140-3 compliance frameworks is a plus.
Excellent written and verbal communication skills; proactive, self-directed, and rigorous with documentation and detail.
B.S. in Computer Science or related field required; M.S. preferred.
MSGL-I4
Follow us on LinkedIn!
Why Menlo?
Our culture is collaborative, inclusive, and fun! We have five core values: Stay Aligned, Get It Done, Customer Empathy, Think Creatively and Help Each Other Out. We believe in open communication, supporting new ideas, and sharing a mutual mindset of what we’re aiming to achieve together. There are tremendous opportunities to take initiative, implement new ideas, and have a hand in building a legacy.
All qualified applicants will receive consideration for employment without regard to race, sex, color, religion, sexual orientation, gender identity, national origin, protected veteran status, or on the basis of disability.
TO ALL AGENCIES: Please, no phone calls or emails to any employee of Menlo Security outside of the Talent organization. Menlo Security’s policy is to only accept resumes from agencies via Ashby (ATS). Agencies must have a valid services agreement executed and must have been assigned by the Talent team to a specific requisition. Any resume submitted outside of this process will be deemed the sole property of Menlo Security. In the event a candidate submitted outside of this policy is hired, no fee or payment will be paid.
