Security Operations Engineer

Our mission at Duolingo is to develop the best education in the world and make it universally available. It’s a big mission, and that’s where you come in!

At Duolingo, you’ll join a team that cares about finding innovative solutions to complex technical problems, running countless experiments (300+ at a time!) with our massive user base to make data-driven decisions, and educating our users and employees alike. You’ll have limitless learning opportunities, mentorship and collaboration with world-class minds, and a variety of projects with large scopes — while doing work that’s both fun and meaningful.

Join our life-changing mission to develop education for our half a billion (and growing!) learners around the world.

About the role

Join Duolingo as a Security Operations Engineer and play a pivotal role in safeguarding our systems, employees, learner data, and services across our rapidly-growing language learning platform. With over 900 employees and over 45 million daily active users (DAUs) and over 120 million monthly active users (MAUs), your expertise will be critical in maintaining the highest security standards, while continuously enhancing our infrastructure security and ensuring compliance.

You will...

• Investigate and respond to security incidents, abuse/spam reports, and suspicious activity in our cloud environments (AWS and beyond)
• Coordinate with external vulnerability disclosure platforms (e.g., HackerOne) to triage, assess, and route reports for remediation
• Partner with engineering teams properly manage secrets, harden authentication flows, and improve secure coding practices
• Advise on third‐party tool/vendor security reviews and approve or reject requests based on risk assessment
• Maintain and improve internal security documentation, policies, and developer guidance
• Collaborate with product and infrastructure teams to conduct security reviews of technical specifications and provides input on secure design considerations
• Proactively identify and mitigate risks in our cloud and application environments
• Design and implement automation to detect, contain, and remediate common security incidents, reducing manual effort and response time
• Use AI‐driven tooling to classify, prioritize, and summarize incoming security reports for faster triage
• Develop automated workflows for credential rotation, policy enforcement, and compliance checks

You have...

• Experience deploying, managing, and troubleshooting security scanning tools
• Familiarity with Linux system administration, automation, and proven experience with one or more programming or scripting languages
• A desire to learn more about security and develop the foundational building blocks of the program
• Strong collaboration, emotional intelligence, and communication skills
• A Bachelor’s degree in Computer Science, Engineering or related technical field
• 2+ years working on collaborative development teams
• Experience in product, application, or cloud security
• Ability to work in/relocate to New York, NY

Exceptional candidates will have...

• Familiarity with containerization runtimes (Docker, rkt)
• Experience securing a large infrastructure on AWS
• Threat modeling experience across various architectures and understand how to align those with business goals
• Demonstrable experience in designing and managing multi-account cloud environments
• Experience communicating sophisticated technical requirements to audiences of variable technical sophistication
• Experience working in Terraform, developing modules and creating secure by default configurations
• Familiarity with security scanning tools such as SemGrep, Nuclei, Trufflehog, and Checkov