Senior Software Engineer (Security)

Triumph•San Francisco, CA

1d•Hybrid

About The Position

About Us Triumph makes mobile gaming more thrilling by letting players wager -- and win -- real money, play in mass multiplayer games, and compete in social tournaments. We've built the top app in our App Store category and sustained exponential month-over-month growth on our revenue and active players. We're hyper-scaling our team and continuing to innovate, launching new products like Rips, our collectibles app , which has found huge success and is continuing to expand. And we're just getting started. Triumph is backed by some of the top consumer VCs including Goodwater Capital, General Catalyst, and DraftKings Drive Fund. The Role As our Founding Security Engineer , you will design, implement, and own the security foundations that protect Triumph’s players, funds, and data across all products and platforms. Your work will ensure that Triumph can survive any single technical failure, credential compromise, or infrastructure security incident without irreversible loss of funds, data, or company viability. As the primary security owner across our backend, mobile clients, infrastructure, and internal tooling, you’ll set the standards for how security is built, monitored, and operated at Triumph. You’ll report directly to our CTO + Co-Founder, Jared Geller .

Requirements

5+ years of experience as a security engineer or infrastructure engineer with deep security ownership at a consumer or high-scale product company.
Proven experience designing and operating IAM, RBAC, and privilege escalation systems in cloud-native environments (e.g., AWS, GCP, or similar).
Hands-on experience with disaster recovery planning and implementation, including backups, restore testing, and defining/measuring RPO/RTO.
Strong background in secure systems design across APIs, backend services, and data stores, including practical familiarity with encryption, transport security, and key management.
Familiarity with GDPR or similar data protection regulations and translating requirements into concrete technical controls.
An understanding of how to balance productivity and risk reduction when shipping quickly in a high-growth environment.
Ability to partner with cross-functional teams (product, infra, mobile, operations) to drive security initiatives.

Responsibilities

Identity, Access & Privilege Escalation - Own all service account, IAM, and privilege-elevation systems across production infrastructure.
Blast Radius & Recovery Guarantees - Own disaster-recovery design and execution, ensuring that no infrastructure failure, security incident, or human error can cause irreversible loss of critical data, funds, or system integrity. Define and enforce recovery point (RPO) and recovery time (RTO) objectives for all existential data systems, and ensure infrastructure meets those guarantees.
Audibility & Forensic Readiness - Ensure all security-relevant actions in production are auditable, attributable, and reconstructable after the fact.
Compliance - Own the technical implementation of data-protection controls required for GDPR and similar regulations, including data access controls, retention, deletion, and audit ability.
Backend Trust & Request Authenticity - Own backend controls that ensure client traffic cannot be intercepted, replayed, or modified in a way that leads to irreversible harm, including transport security standards, replay protection, and enforcement of client attestation mechanisms (e.g., App Attest / DeviceCheck).