Head of Security
RevenueCat · posted May 29, 2026
At a glance
- Salary
- $305k–$305k USD / year
- Location
- Remote
- Posted
- May 29, 2026
- Auto-expires by
- Jul 15, 2026 (if not re-listed at source)
Remote Score for RevenueCat
RevenueCat hasn't been scored yet. Read the rubric at how we score.
About this role (from RevenueCat's posting)
RevenueCat removes the headaches of building and scaling in‑app subscriptions. Since graduating from YC’s S18 batch we’ve grown into the default monetization platform for mobile: we’re in >40% of newly shipped subscription apps, we process $12B+ in annual purchase volume, and we help everyone from a solo dev in Brazil to the OpenAI mobile team understand and grow their revenue.
We’re a remote‑first crew of 150+, spread across 25+ countries, and guided by values we actually practice: Customer Obsession, Always Be Shipping, Own It, and Balance. If you want your work to touch hundreds of millions of end‑users (and help the developers behind them get paid), you’ll fit right in.
The role
RevenueCat makes building, analyzing, and growing mobile subscriptions easy. We power monetization for thousands of apps, from small indie developers to some of the largest apps in the world.
Our platform handles billions of events every day and sits in the critical path of our customers’ revenue. Reliability and security are not support functions here. They are core product requirements.
As the world changes with AI, the security landscape is getting significantly more chaotic. Supply chain attacks, credential theft, AI-assisted phishing, malicious packages, fraud, infrastructure attacks… the pace and sophistication of threats are accelerating quickly.
We already have strong foundations:
- SOC 2 Type II for several years
- A strong infrastructure and reliability culture
- A security engineer focused on infrastructure/security operations
- Ongoing investment in application security, with a very active bug bounty program
- Product and engineering teams that genuinely care about security
- Celebrate security awareness month with red team, social attacks and other activities
But we believe the next stage requires dedicated leadership and ownership across the entire security function.
That’s where you come in.
About you
You are a deeply technical security leader who understands how modern engineering organizations actually work.
You know how to improve security without turning the company into a bureaucratic nightmare. You are pragmatic, calm under pressure, and capable of building systems and processes that scale with the company.
You have a strong understanding of both infrastructure and application security. You’ve been involved in real-world security incidents and know how to navigate high-pressure situations with good judgment.
You are comfortable operating with high ownership and ambiguity, and can move between technical details, strategic planning, customer conversations, and incident response without losing context.
You are also excited about building and scaling a strong security organization over time. You know how to recruit great people, raise the bar, and create a security culture that engineers genuinely want to work with.
You have strong opinions on:
- Supply chain security
- Secure software development
- AI-assisted engineering workflows
- Infrastructure hardening
- Identity and access management
- Incident response
- Balancing security with engineering velocity
Strong communication skills are important in this role. Experience with AWS, distributed systems, developer tools, fintech, mobile, or payments is a strong plus.
Most importantly, you understand that security is not compliance theater. It is a critical part of the reliability, trust, and long-term survival of the business.
Within 1 month, you’ll…
- Learn RevenueCat’s architecture, systems, and operational model
- Understand our existing security posture, controls, tooling, and processes
- Build relationships across engineering and infrastructure teams
- Review our current incident response and escalation practices
- Start identifying high-leverage improvements and key risks
Within 3 months, you’ll…
- Own and evolve RevenueCat’s security roadmap
- Establish clear priorities across infrastructure, application, and internal security
- Partner closely with engineering leadership on architecture and security decisions
- Evaluate risks and policies around AI-assisted development workflows
- Build trust internally as the security leader engineers want to work with, not work around
Within 6 months, you’ll…
- Drive meaningful improvements to our overall security posture
- Improve detection, prevention, and response capabilities
- Improve security education and awareness across the company
- Support customer-facing security conversations and reviews
- Help define how the security organization should scale over time
Within 12 months, you’ll…
- Establish a mature, pragmatic, high-trust security program
- Build scalable systems that support both security and engineering velocity
- Help RevenueCat stay ahead of the rapidly changing AI-driven threat landscape
- Develop a long-term strategy for security, resilience, and operational trust
- Be viewed internally as a critical technical and strategic leader across the company
WHAT WE OFFER:
- Competitive equity in a fast-growing, Series C startup backed by top-tier investors, including Y Combinator
- 10-year window to exercise vested equity options
- Fully remote and flexible work environment
- 4-5 weeks of suggested time off annually for mental, physical, and emotional recharge
- $2,000 USD for workspace setup and $1,000 USD annual stipend for continuous learning
Curious about the interview process? Discover more in our blog post https://www.revenuecat.com/blog/company/how-we-hire-at-revenuecat/ about how we hire and learn tips to help you succeed.