WHO WE ARE: MagicSchool is the premier generative AI platform for teachers. We're just over 2 years old, and more than 7 million teachers from all over the world have joined our platform. Join a top team at a fast-growing company that is working towards real social impact. Make an account and try us out at our website and connect with our passionate community on our Wall of Love.

## Responsibilities
In this role, you will be responsible for driving towards the following outcomes:
- Secure Development Lifecycle & Vulnerability Management: Champion secure development practices including threat modeling, code reviews, and dependency monitoring. Lead the implementation and ongoing management of StackHawk and GitHub Advanced Security for automated scanning, triage emerging threats like compromised packages and zero-day disclosures, and build developer-friendly workflows that integrate security without sacrificing velocity.
- Infrastructure & Architecture Security: Partner with IT and engineering leadership to maintain core security infrastructure - including firewall management, content filtering, and privileged access controls. Serve as a trusted security advisor in architecture conversations, helping teams design systems that are secure by default across AWS, Google Cloud, and on-prem environments.
- Identity & Access Management: Own the end-to-end IAM security strategy across cloud (AWS, GCP), SaaS, and internal tooling — including identity lifecycle management, SSO/SAML/OIDC configuration, role-based and attribute-based access controls, and zero-trust access patterns. Partner with IT and engineering to enforce least-privilege principles, govern developer and service account access, and build scalable access review processes that hold up under SOC 2 scrutiny.
- Red Teaming & Threat Assessment: Design and execute threat modeling exercises tailored to the unique attack surface of an AI-powered EdTech platform - including student data exposure, AI model misuse, and high-risk windows such as fundraising cycles. Plan and oversee red team assessments, either internally or through third-party partners.
- Incident Response & Preparedness: Serve as first responder and on-call point of contact for security incidents. Own and evolve incident response playbooks, lead postmortems, and run internal enablement programs - including workshops and simulations - that build security awareness and readiness across engineering and staff.
- Cross-Functional Alignment: Partner with IT and Compliance to support SOC 2, FERPA, and COPPA programs, and ensure engineering efforts stay aligned with our regulatory commitments.

## Qualifications/Competencies/Skills
To be successful in this role, you’ll bring the following skills and competencies:
- Security Expertise & Tooling: Hands-on experience with SAST, DAST, and SCA tooling - ideally including StackHawk and GitHub Advanced Security - and cloud-native security within AWS and/or Google Cloud. Prior involvement in offensive security or red teaming.
- Threat Modeling & Architecture: Strong experience conducting or facilitating threat modeling using formal frameworks (e.g., STRIDE, PASTA) or lightweight iterative approaches. Comfortable serving as a security advisor in live architecture conversations.
- Technical Depth & Developer Partnership: You work directly inside engineering teams — through pull request feedback, pair programming, architecture reviews, and daily Slack presence — embedding security into the development workflow rather than reviewing it after the fact. You're a hands-on technical contributor first, and you measure success by the security improvements shipping in code.
- AI Application Security: Experience securing LLM-integrated or AI-powered products, with an understanding of the unique threat surfaces they introduce.
- Communication & Influence: Ability to translate complex security topics for both technical and non-technical stakeholders. Skilled at building cross-functional trust and coaching engineers on security principles without compromising developer velocity.

## Experience
To be successful in this role, you’ll bring the following experience and qualifications:
- At least 5 years of experience in application or cloud security, with a track record of advancing security practices in fast-paced engineering environments.
- Proven track record of embedding directly into engineering teams - improving security posture, reducing vulnerability exposure, and building developer trust without compromising velocity.

Nice to Have:

- Experience supporting security components of SOC 2, FERPA, or COPPA programs
- Experience with StackHawk, GitHub Advanced Security, or comparable SAST/DAST tooling
- Familiarity with AI/LLM application security or threat modeling for AI-integrated products
- Experience in EdTech or other compliance-heavy B2B SaaS environments (SOC 2, FERPA, COPPA)
- Prior experience as a solo or small-team security function in a high-growth startup