At Qodo, we're building an AI Code Review platform designed to help developers move fast, ship with confidence, and elevate code quality across the SDLC.

We're looking for a Head of Security to build, lead, and scale our security program across product, infrastructure, and internal operations. This is a hands-on leadership role in which you will define our security strategy, drive execution, and ensure that our customers, partners, and employees can trust our platform and data handling. If you’re passionate about building secure, robust systems from the ground up and fostering a culture of security awareness, this role is for you.

Responsibilities:

• Define and own the company-wide security strategy, roadmap, and policies
• Implement secure-by-design practices into the development lifecycle, and partner with engineering to embed security tooling, processes, and automation
• Drive and innovate in how to secure LLM systems (e.g. guardrails, prompt injection protections, MCP authorizations)
• Lead threat modeling, secure code reviews, and vulnerability management
• Design, build and operate our cloud posture management (e.g., AWS/GCP, networking, IAM, secrets management)
• Lead incident response, including preparation, detection, mitigation, root-cause analysis, and communications
• Lead efforts related to privacy, data lifecycle, and regulatory readiness - including owning our compliance initiatives (SOC 2, ISO 27001, GDPR, etc.)
• Act as the security representative in customer and partner discussions

Requirements:

• 6+ years of experience in security leadership roles, overseeing security engineering, cloud security, and application security
• Strong hands-on technical skills with modern cloud environments and security tooling
• Experience owning security programs, roadmaps, and policies end-to-end
• Solid understanding of CI/CD pipelines, SDLC security, and DevSecOps best practices
• Experience with incident response, vulnerability management, and threat modeling

Nice-to-Haves

• Experience in AI companies, data-intensive platforms, or developer-focused products
• Past work with SOC 2 / ISO frameworks or privacy regulations
• Ability to balance pragmatic risk management with startup agility
• Strong communication skills and comfort interacting with customers