Security Engineer

About The Position

Requirements

• An engineering background – you were a software engineer first and know your way around security.
• You build things, not just advise on them.
• 4+ years of experience spanning product security and other areas.
• Hands-on experience with compliance programs (SOC 2, PCI, or similar) in a fast-moving environment.
• A builder’s orientation toward security tooling – you’d rather write the tool that prevents the mistake than write the policy that forbids it.
• The soft skills to be a trusted security partner across the company: telling people no with a path forward, finding alternatives that work, and building credibility through helpfulness rather than gatekeeping.
• Comfort operating as a generalist across product security, corporate security, and security tooling.

Nice To Haves

• Experience securing systems that handle sensitive data in regulated verticals – banking, insurance, fintech, healthcare.
• Familiarity with the security challenges of multi-tenant AI systems: prompt injection, data isolation, output validation, or the broader trust surface of LLM-powered products.
• Experience with infrastructure security in distributed environments – container orchestration, cross-VPC networking, secrets management at scale, or securing customer-deployed runtimes.
• Familiarity with managing outsourced IT or vendor relationships.
• Experience at an early-stage startup where you built security programs from scratch rather than inheriting them.

Responsibilities

• Lead product security: threat modeling, secure code review, vulnerability management, and building security into the development lifecycle.
• Build internal security tooling that makes secure-by-default behavior the path of least resistance for the engineering team.
• Harden the infrastructure that underpins Poetic’s runtime – from multi-tenant isolation and secrets management to network boundaries and data handling pipelines.
• Communicate with customer security teams to ensure and communicate Poetic's security posture and architecture.
• Be the internal voice on security: help the team understand tradeoffs, find paths that satisfy both security and velocity, and communicate clearly with stakeholders.
• Work closely with external IT and Security partners, ensuring smooth day-to-day operations and appropriate controls.
• Own day-to-day compliance programs – including SOC 2 and PCI – as the internal DRI, working closely with external compliance and audit partners.

Benefits

• We are in-person only in San Francisco, CA or New York City, NY