Senior Software Engineer, Product & AI Security

About Gusto At Gusto, we're on a mission to grow the small business economy. We handle the hard stuff—like payroll, health insurance, 401(k)s, and HR—so owners can focus on their craft and customers. With teams in Denver, San Francisco, and New York, we’re proud to support more than 400,000 small businesses across the country, and we’re building a workplace that represents and celebrates the customers we serve. Learn more about our Total Rewards philosophy . About the Role: We’re hiring two Senior Software Engineers for our Product AI Security Engineering team. You’ll own and evolve the security foundations behind Gusto’s products and AI/LLM experiences, from authentication and authorization at scale to securing core services and data. You’ll partner across the company to solve high-impact security problems and ship secure, reliable, AI-powered features quickly and safely. About the Team: The Product AI Security Engineering team sits at the intersection of product, platform, and AI at Gusto. We prioritize high‑leverage projects that reduce risk, harden our foundations, and unlock faster delivery for other teams. We build security tools and services, embed with partner teams when needed, and set best practices for authentication, authorization, and safe data handling, especially as we adopt AI and LLMs. Here’s what you’ll do day-to-day: Design, build, and operate authentication and authorization systems that work at Gusto scale. Strengthen core services and data protections , including access control, storage, and APIs. Detect and mitigate account takeover and other abuse , improving safety for our customers. Build security platforms and tooling that help product and AI teams move quickly and safely. Own and improve high-availability security and identity services that other teams depend on. Tackle ambiguous AI/LLM security problems from threat modeling to practical mitigations. Provide leadership in promoting security and software engineering excellence. Here’s what we're looking for: 7+ years of experience as a backend engineer , building and operating large-scale server-side services and APIs Deep experience with authentication and authorization , such as SAML/SSO, RBAC, and ABAC. Proven track record building secure, highly available distributed systems and services . Hands-on experience with modern security tooling and practices (e.g., SAST, DAST, SIEM, SCA). Proficiency in one or more of: Ruby, Python, Kotlin, JavaScript/TypeScript Experience with AI tools for coding (ex: Cloud Code, Cursor, Github Copilot) Bonus: experience with authorization platforms/policy engines (e.g., Open Policy Agent, SpiceDB) and technologies like GraphQL, gRPC, Kubernetes, Terraform, Traefik, Flask, Okta . Strong collaboration skills and comfort breaking down complex, cross‑cutting security and AI problems into clear, practical solutions. Our cash compensation amount for this role is targeted at $186,000-210,000 in the San Francisco Bay Area. Stock equity is additional. Final offer amounts are determined by multiple factors including candidate experience and expertise and may vary from the amounts listed above. Gusto has physical office spaces in Denver, San Francisco, and New York City. Employees who are based in those locations will be expected to work from the office on designated days approximately 2-3 days per week (or more depending on role). The same office expectations apply to all Symmetry roles, Gusto's subsidiary, whose physical office is in Scottsdale. Note: The San Francisco office expectations encompass both the San Francisco and San Jose metro areas. When approved to work from a location other than a Gusto office, a secure, reliable, and consistent internet connection is required. This includes non-office days for hybrid employees. Our customers come from all walks of life and so do we. We hire great people from a wide variety of backgrounds, not just because it's the right thin ... (truncated, view full listing at source)