Compliance & Security Engineer

MrBeast
San Francisco, CA
Hybrid

About The Position

Beast Industries is undertaking an AI-first engineering rebuild for a company with an existing audience of over 100 million people. This is a greenfield project, allowing for the correct establishment of security and compliance foundations from the outset. The role is critical due to the sensitive nature of the company's operations, including handling money and serving minors (Step), managing consumer and supply-chain data (Feastables), and rapid iteration in the media business. The primary goal is to enable regulated product releases without hindering development speed.

Requirements

  • Around 15 years of combined security engineering and compliance experience.
  • Proven ownership of PCI DSS and SOC 2 in production environments, from control design through successful audits.
  • Strong cloud security experience (AWS/GCP).
  • Proficiency in application security, threat modeling, and incident response.
  • Ability to read and reason about code.
  • Experience translating regulatory requirements into actionable engineering work.
  • Experience advising leaders on risk tradeoffs.
  • Working knowledge of privacy and minor-protection regulations (COPPA, GDPR, CCPA) and their mapping to technical controls.
  • AI-Native: Daily use of AI and integration into security work (automation, evidence pipelines).

Nice To Haves

  • Fintech or payments experience (money movement, KYC).
  • Experience with security automation and infrastructure-as-code (Terraform, policy-as-code).
  • Relevant certifications (CISSP, CCSP, OSCP).
  • Experience standing up a security or compliance function from an early stage.

Responsibilities

  • Own the security architecture and technical compliance posture across Step, Feastables, and the media organization.
  • Build a unified control framework, mapping each control to the regulations it satisfies (PCI DSS, COPPA, GDPR/CCPA, SOC 2).
  • Implement continuous compliance by automating evidence collection and control monitoring.
  • Set security standards for cloud infrastructure, applications, and data systems.
  • Lead threat modeling and security reviews for high-risk products, particularly Step's payment and account systems and any systems handling minors' data.
  • Manage the vulnerability management program and drive remediation efforts with system owners.
  • Build and own incident response processes, including detection, playbooks, escalation, post-incident reviews, and breach notification readiness.
  • Act as technical lead during PCI DSS and SOC 2 audits, representing Beast Industries with auditors, regulators, and partners.
  • Translate regulatory requirements into actionable engineering tasks and advise leadership on risk tradeoffs.
  • Define secure-by-default patterns and paved paths to ensure most teams meet requirements without individual reviews.

Benefits

  • Highly competitive equity package designed for a foundational hire.
  • Competitive Salary
  • Generous Medical (Blue Cross Blue Shield), Dental, Vision and company-paid Life Insurance
  • Company contributions to employee Health Savings Accounts (HSA)
  • 401k Plan with Safe Harbor company-matching
  • Flexible vacation policy and paid company holidays
  • Company-provided technology package
  • Relocation assistance where applicable, including travel and company-provided housing for the first 90 days