Shelf

Senior Backend Engineer, Security

7800 - 10 000 USD/month, B2B (net)
Senior · Full-time · B2B
#355288 · Added today
Source: nofluffjobs.com

Tech Stack / Keywords

Security, Audit, Go, Golang, Python, AI, OWASP

Company and position

Shelf is a company with over 100 employees operating in multiple U.S. states and European countries. It has raised over $60 million in funding from investors including Tiger Global, Insight Partners, and Connecticut Innovations. The company focuses on knowledge management and AI domain expertise, delivering enterprise SaaS solutions with innovative capabilities and strong customer satisfaction. The backend technology stack includes TypeScript/Node.js, AWS, Azure, PostgreSQL/Aurora, DynamoDB, Elasticsearch, S3, queues, observability tooling, CI/CD, and infrastructure-as-code.


Requirements

  • Strong senior-level backend engineering experience in production systems.
  • Hands-on experience implementing security improvements in code, infrastructure, or operational workflows.
  • Experience with application-security topics such as authentication, token handling, access control, audit trails, logging, secrets management, vulnerability remediation, and incident follow-through.
  • Strong debugging and investigative skills to trace issues through code, logs, and system behavior.
  • Ability to work across multiple services and repositories.
  • Ownership from problem statement to implementation and enforcement.
  • Clear written and verbal communication to explain risks, trade-offs, and follow-up work.
  • AI-native working style with experience using AI tools in daily engineering workflows and verifying their output.

Strong Plus:

  • Experience improving security posture after real incidents or near-miss events.
  • Experience with AI-security, OWASP LLM frameworks, or securing LLM-enabled systems.
  • Experience improving queryability, logging, and forensic visibility for incident response.
  • Experience moving systems from weak defaults to safer patterns such as stronger token handling or better credential models.

Responsibilities

  • Find and fix concrete security issues in production systems.
  • Improve token lifecycle, revocation, auth flows, auditability, and access controls across backend systems.
  • Reduce or eliminate security-sensitive data exposure in logs, events, traces, and internal tooling.
  • Improve security detection, logging, and audit trails to facilitate incident detection, investigation, and containment.
  • Rotate secrets, reduce long-lived credentials, tighten access, and follow through on overdue security hygiene work.
  • Review security findings from scanners and assessments, separate signal from noise, fix valid issues quickly, and improve underlying architecture.
  • Sweep broadly across many repositories and services when necessary, beyond local ownership boundaries.
  • Contribute to AI-security and modern application-security work, including risks introduced by new AI initiatives.
  • Write technical documentation, post-incident follow-ups, and implementation notes to maintain security improvements after initial fixes.

Offer

  • Stock options
  • GitHub Copilot subscription
  • LLM credits
  • Small teams
  • International projects
  • Free coffee
  • No dress code

Other information

Location – Warsaw, work from the office.
