Sr. Security Engineer

About Odyssey:

K-12 education is one of the most consequential determinants of a child’s future — and many families have had limited ability to shape how and where their child learns. Education Savings Account (ESA) programs are changing that. One of the fastest-growing public education initiatives in the U.S., they give states the ability to put education funding directly in the hands of families, who can then choose the learning experiences that best fit their child — from schools and tutors to therapy, curriculum, and technology.

But once these policies are signed into law, states face an enormous operational challenge. They must stand up entirely new programs, manage the secure and compliant flow of public funds, approve and monitor thousands of vendors, support families at scale, and prevent fraud — all while delivering a high-quality user experience.

That’s where Odyssey comes in.

We partner with state agencies to design, launch, and operate ESA and grant programs on their behalf. We provide the technology, program operations, vendor ecosystem, and family experience that make these programs actually work in the real world. Today, we operate across 6 states, and our platform powers programs serving 200,000+ students and over $1B in education funding — and we’re just getting started.

Most recently, we launched the Texas Education Savings Account (EFA) program — the biggest day-one ESA launch in the country — which has already received nearly 200,000 applications. It’s the kind of moment that captures exactly what we’re building toward: programs that work at scale, from day one, when it matters most.

We’re backed by respected investors, including a16z and Tusk Venture Partners, and we’re building the team that will take us to the next stage.

Odyssey sits at the intersection of GovTech, EdTech, and FinTech. We are a public-sector operator, a technology company, and a program delivery partner all at once. The work we do is civic infrastructure — it determines whether families can access life-changing educational opportunities.

Why This Work Is Different

We’re in the weeds with state partners, internally with our product teams, and turning ambiguous policy into real systems that families depend on. This means building a platform that meets each state’s configuration needs while being flexible enough to support all customers. We are not building be-spoke software!

If you want a highly structured environment, this will feel uncomfortable. If you want ownership, speed, and problems that actually matter, you’ll feel right at home.

About The Role

As Odyssey's first Security Engineer, you'll have full ownership of our security posture — shaping strategy, building programs from the ground up, and driving best practices across our entire technology stack and product suite. This is a high-impact, high-visibility role where your decisions will directly influence how we protect our customers, vendors, and employees.

You'll partner closely with cross-functional teams to embed security into everything we build and ship, champion solutions to emerging security challenges, and ensure we stay ahead of an evolving threat landscape. You're someone who embraces AI tools to work smarter — whether that's accelerating threat detection, streamlining vulnerability analysis, or improving how we respond to incidents.

What You’ll Do

• Collaborate closely with cross-functional teams to proactively identify, assess, and remediate security risks across Odyssey's products and infrastructure, proposing enhanced controls and process improvements where needed

• Perform static and dynamic vulnerability assessments and drive remediation efforts through to resolution

• Evaluate security risks in AI systems and data pipelines, and leverage AI-assisted tooling to enhance threat detection, vulnerability analysis, and security operations

• Maintain and mature Odyssey's SOC 2 Type II program, ensuring a secure environment for vendors, customers, end-users, and employees

• Design and implement security controls across Odyssey's full technology stack — from application layer to cloud infrastructure

• Translate complex security findings into clear, actionable remediation steps for both technical and non-technical stakeholders

• Continuously audit policies, controls, and procedures to keep security practices ahead of an evolving threat landscape

• Embed security seamlessly into the developer workflow — including CI/CD pipelines, code review processes, and internal tooling — without compromising velocity

About You

• 6+ years of Software Engineering experience with a focus on security, cloud security, DevOps, network security, or similar domains

• Solid understanding of industry standards and compliance frameworks (SOC 2, ISO 27001, etc.) with hands-on experience driving organizational adherence

• Experience applying AI-assisted tooling to accelerate threat detection, code review, and vulnerability analysis

• Experience deploying and operating SAST, DAST, and SCA tools across the software development lifecycle

• Strong track record managing security projects end-to-end — from planning through delivery — within timelines and budgets

• Experience with penetration testing tools, techniques, and methodologies, with a clear understanding of common vulnerabilities and remediation strategies

Additional Details:

• This role is available as fully remote (US-based) or hybrid out of our NYC office in Tribeca. The full team comes together twice a year for an offsite.

• Applicants must be currently authorized to work in the United States on a full-time basis.

• We believe that everyone at Odyssey should be compensated fairly. We set our salary bands based on compensation data from hundreds of companies at our stage.