Security Lead
CodiumAI
Tel Aviv District, Israel · Tel Aviv-Yafo, Israel
Posted on Mar 1, 2026
At Qodo, we're building an AI Code Review platform that helps developers move fast, ship with confidence, and elevate code quality across the SDLC through deep, scalable codebase understanding.
We're seeking a Security Lead to join our team. This role is ideal for someone who can shape Qodo’s security foundations from the ground up. You’ll be solely responsible for building, leading and scaling our security program across product, infrastructure and internal operations. This is a hands-on leadership role in which you will define our security strategy, drive execution, take ownership of maintaining security within our cloud environment and ensure that our customers, partners and employees can trust our platform and data handling.
Responsibilities
- Lead as Qodo’s first and only security leader, defining and owning the company-wide security strategy, roadmap, and policies while operating hands-on across application, cloud, and AI security, and partnering closely with management, engineering, customers, and external stakeholders.
- Embed secure-by-design and secure-by-default practices into the SDLC, partnering with engineering on threat modeling, secure code reviews, SAST/DAST, vulnerability management, and integrating practical, developer-first security solutions directly into development workflows.
- Manage hands-on application and cloud security execution, reviewing code, hardening services, improving AWS/GCP configurations, IAM, networking, and secrets management, building cloud posture management, and integrating security into CI/CD, containers, and infrastructure-as-code.
- Drive LLM and GenAI security innovation, implementing guardrails, prompt injection protections, MCP authorizations, and AI-specific security controls to ensure resilient and safe AI-powered systems.
- Own incident response and security operations end-to-end, including preparation, detection, mitigation, root-cause analysis, remediation, communications, and developing internal standards, playbooks, and automation to scale the function from scratch.
- Lead privacy, data lifecycle, and compliance initiatives, owning SOC 2, ISO 27001, GDPR, and regulatory readiness, while representing security in customer and partner discussions and translating technical controls into business assurance.
- Strong hands-on application and security engineering experience, with deep expertise in modern cloud environments, cloud-native security, and secure software development.
- Proven ownership of end-to-end security programs, including defining and executing roadmaps, policies, and cross-domain security initiatives.
- Deep knowledge of SDLC security and DevSecOps, covering CI/CD, container security, infrastructure-as-code, and embedded security controls in engineering workflows.
- Hands-on experience with application security tooling, including SAST, DAST, SCA, runtime monitoring, vulnerability management, and threat modeling.
- Practical experience leading incident response and remediation, including preparation, detection, post-incident improvements, and guiding developers through secure coding and remediation discussions.
- Ability to review and understand code in at least one modern programming language, and work closely with developers on secure code reviews and implementation fixes.
- Security certifications (e.g., AWS Security Specialty, CISSP).
- Experience with IaC tools, scripting, or programming (Terraform, Python, Bash, etc.).
- Familiarity with network security fundamentals.
- Experience using or evaluating AI for security problem-solving.
- Past work with SOC 2 / ISO frameworks or privacy regulations.