Compliance & Security Engineer

MrBeast
San Francisco, CA
Hybrid

About The Position

Beast Industries is undertaking an AI-first engineering rebuild for a company that already has an audience of over 100 million people. This is a greenfield project, allowing for the correct establishment of security and compliance foundations from the outset. The role is critical due to the company's handling of money, consumer and supply-chain data, and rapid product releases. The engineer will be responsible for making regulated products shippable without hindering development speed.

Requirements

  • Around 15 years of combined security engineering and compliance experience.
  • Proven ownership of PCI DSS and SOC 2 in a production environment, from control design through successful audit.
  • Strong cloud security (AWS/GCP) skills.
  • Proficiency in application security.
  • Experience with threat modeling.
  • Experience with incident response.
  • Ability to read and reason about code.
  • Experience with privacy and minor-protection regulations (COPPA, GDPR, CCPA) and their mapping to technical controls.
  • Ability to clearly communicate risk and trade-offs to business stakeholders.
  • Treating minors' data and customer money with the highest level of security.
  • Influencing through evidence, not title.

Nice To Haves

  • AI-Native: Using AI daily and integrating it into security work.
  • Fintech or payments experience (money movement, KYC).
  • Experience with security automation and infrastructure-as-code (Terraform, policy-as-code).
  • Relevant certifications (CISSP, CCSP, OSCP).
  • Experience standing up a security or compliance function from an early stage.

Responsibilities

  • Own the security architecture and the technical compliance posture across Step, Feastables, and the media organization.
  • Build a unified control framework, mapping each control to the regulations it satisfies (PCI DSS, COPPA, GDPR/CCPA, SOC 2).
  • Implement continuous compliance by automating evidence collection and control monitoring.
  • Set security standards for cloud infrastructure, applications, and data systems.
  • Lead threat modeling and security reviews for high-risk products, particularly payment and account systems, and any systems involving minors' data.
  • Manage the vulnerability management program and oversee remediation efforts with system-owning teams.
  • Develop and manage incident response processes, including detection, playbooks, escalation, post-incident reviews, and breach-notification readiness.
  • Serve as the technical lead during PCI DSS and SOC 2 audits, and represent Beast Industries with auditors, regulators, and partners.
  • Translate regulatory requirements into actionable engineering tasks and advise leadership on risk trade-offs.
  • Define secure-by-default patterns and paved paths to help teams meet requirements efficiently.

Benefits

  • Highly competitive equity package
  • Generous Medical (Blue Cross Blue Shield), Dental, Vision and company-paid Life Insurance
  • Company contributions to employee Health Savings Accounts (HSA)
  • 401k Plan with Safe Harbor company-matching
  • Flexible vacation policy
  • Paid company holidays
  • Company-provided technology package
  • Relocation assistance where applicable, including travel and company-provided housing for the first 90 days