Gusto
Senior Software Engineer, Product & AI Security
About Gusto
Gusto is a cloud-based payroll, benefits, and human resource management software solution tailored for small businesses in the United States. It simplifies and automates essential tasks such as payroll processing, benefits administration, hiring, and HR compliance, making it an ideal choice for startups, small business owners, bookkeepers, and HR professionals. The platform offers a comprehensive suite of services, including payroll management that handles tax calculations and filings, employee benefits administration for health insurance and retirement plans, and human resources management features like onboarding and time tracking. Gusto also provides an employee self-service portal, allowing workers to manage their information and access important documents easily. With location-based time tracking capabilities and integration with popular accounting tools, Gusto supports businesses in streamlining their operations effectively.
Security at Gusto
Compiled from public job postings, careers pages, and company materials. Data may not reflect current state — verify during interviews.
Security Philosophy
Gusto follows a decentralized risk model where security acts as a partner rather than a gatekeeper, emphasizing developer education and ownership.
- **Stated AppSec Mission:** "We take data security and privacy extremely seriously" – Gusto Security (https://gusto.com/security)
- **Developer Enablement vs. Gatekeeping:** "We're here to educate, not dominate" – Gusto Engineering (https://engineering.gusto.com/finding-the-less-risky-path-together-security-partnership-at-gusto-fec8c7bb90c9)
- **Risk Philosophy:** "engineering teams own the risk of the code they write" – Gusto Engineering (https://engineering.gusto.com/finding-the-less-risky-path-together-security-partnership-at-gusto-fec8c7bb90c9)
Security Team
- Gusto's security organization includes a Product & AI Security team that operates by embedding with partner engineering teams to build security tools and services.
- The team is led by security professionals such as Breanne Boland (Product Security Engineer) and has historically reported through a Chief Security Officer (Fredrick Lee).
- Current hiring efforts indicate an expansion into AI-specific security roles.
- **Key Leaders:**
  - Breanne Boland, Product Security Engineer
Key Initiatives
Gusto's AppSec team engages in proactive security reviews, training, and external bug bounty management.
- **Security Champions Program:** No evidence found (internal guilds exist, but no formal "Champions" program is named in public citations).
- **Vulnerability Management Process:**
  - **Intake:** "Bug bounty program" – Gusto Security (https://gusto.com/security); "Investigate a Bugcrowd submission" – Gusto Engineering (https://engineering.gusto.com/finding-the-less-risky-path-together-security-partnership-at-gusto-fec8c7bb90c9)
  - **Triage/Remediation:** Information not publicly available (specific SLAs/MTTR not found).
- **Secure SDLC Artifacts:**
  - "Set up a feature review" – Gusto Engineering (https://engineering.gusto.com/finding-the-less-risky-path-together-security-partnership-at-gusto-fec8c7bb90c9)
  - "monthly secure code training" – LinkedIn (https://www.linkedin.com/in/breanneboland)
- **Recent Initiatives (Last 6 Months):** Rollout of unified scanning – "Architected rollout of Boost Security for unified security scanning for all repos" – LinkedIn (https://www.linkedin.com/in/breanneboland)