Founding Security Engineer / Head of Security
About The Position
uRun is building the inference cloud for interactive AI, focusing on the compute layer that enables real-time, stateful inference at scale. As the company's first dedicated security hire, this founding role involves end-to-end ownership of security as a hands-on engineer, with the potential to build and lead the security function as the team grows. The core mission is to establish a robust security foundation for the company's infrastructure, including hardening a distributed AWS and Kubernetes stack, implementing a compliance program for enterprise deals, and integrating security into engineering practices without creating bottlenecks. This role is crucial as the company transitions from stealth to scale, initiates enterprise partnerships, and approaches its Series A funding round.
Requirements
- 6+ years in security engineering, including time as a founding or sole security hire, or otherwise owning security with minimal support.
- Proven track record delivering SOC 2 end-to-end as program owner — not just as a contributor.
- Deep AWS experience: IAM, KMS, GuardDuty, CloudTrail, EKS, and Kubernetes security.
- Hands-on with compliance automation tooling: Vanta, Drata, or equivalent.
- Comfortable embedding security into CI/CD: SAST, DAST, secrets scanning, dependency management.
- Strong incident response background: you've handled real incidents and built playbooks from scratch.
- A clear communicator who can represent security to technical and non-technical stakeholders, including customers.
- Able to work PST hours and thrive in a fast-moving, ambiguous environment.
Nice To Haves
- Familiarity with AI security frameworks: OWASP LLM Top 10, MITRE ATLAS.
- Certifications: AWS Security Specialty, CISSP, CISM, or equivalent.
- Experience securing GPU or ML-inference infrastructure specifically.
Responsibilities
- Own SOC 2 Type II end-to-end: scoping, control design, evidence collection, and audit.
- Drive ISO 27001 and additional frameworks as we scale into enterprise partnerships.
- Stand up and manage compliance automation tooling (Vanta, Drata, or equivalent).
- Respond to vendor security questionnaires and represent uRun's security posture on customer calls.
- Build and maintain security policies, procedures, and documentation.
- Harden our AWS environment: IAM, KMS, secrets management, GuardDuty, CloudTrail, VPC.
- Secure our Kubernetes and EKS stack: container security, RBAC, network policies, runtime controls.
- Embed security into CI/CD pipelines: SAST, dependency scanning, secrets scanning.
- Build detection and response capabilities: alerting, playbooks, and incident response processes.
- Drive vulnerability management end-to-end, from detection through remediation and reporting.
- Work directly with engineering to resolve security blockers and unblock partnership deals.
- Manage external auditor relationships and coordinate security reviews.
- Report on security posture and risk to leadership.
Benefits
- Competitive salary and meaningful equity in an early-stage AI infrastructure company.
- Health, dental, and vision — full coverage.
- 401(k) — company-supported retirement savings.
- FSA/HSA — flexible spending accounts for healthcare costs.
- Paid time off — we trust you to manage your time.
- Top-tier tooling — access to the best AI tools available: Claude, Codex, Kimi, and whatever else helps you move faster.
- MacBook Pro and AirPods — the hardware you need, on us.
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Senior
Education Level
No Education Listed
