Security Engineer

Crosby•New York, NY

About The Position

Crosby is an AI-first legal platform reimagining corporate legal services from the ground up. We are a team of technologists and legal experts who build proprietary technology and human-in-the-loop workflows that meaningfully improve how lawyers and machines work together — delivering speed, consistency, and quality across high-stakes work. Our systems review complex documents faster and with exceptional accuracy, combining advanced AI with structured legal expertise. Clients receive AI-powered redlines, commentary, and negotiation guidance within hours, at a predictable, volume-based price. Backed by Sequoia, Index Ventures, and Bain Capital Ventures, we're building the end-to-end contracting platform for the next generation of fast-growing companies. The Engineering team builds the core systems and infrastructure that power Crosby’s AI-first platform. We operate in high-stakes environments where security, reliability, and data integrity are critical to everything we do. We prioritize strong foundations, ownership, and rigor — ensuring our systems are secure by design while enabling fast product iteration. As a Security Engineer at Crosby, you'll play a critical role in designing and implementing the security foundations of our platform. You’ll be responsible for protecting sensitive legal data, securing our infrastructure, and embedding best-in-class security practices across the engineering organization. You’ll work closely with engineering, product, and legal teams to identify risks, implement controls, and ensure our systems meet the highest standards of security and compliance. This role is for someone who is both deeply technical and highly pragmatic — able to balance strong security guarantees with the speed required in a fast-moving environment.

Requirements

4+ years of experience in security engineering, infrastructure security, or a related role
Strong understanding of application security, cloud security (e.g., AWS/GCP), and common vulnerability classes
Experience securing production systems, including authentication, authorization, and data protection
Proficient in at least one programming language (e.g., Python, Go) and comfortable working with engineering teams
Experience with security tooling, monitoring systems, and incident response workflows
Highly pragmatic — able to prioritize risks and implement effective, scalable solutions
Strong ownership mindset with the ability to operate independently in ambiguous environments
Clear communicator who can work effectively with engineers, product teams, and leadership

Responsibilities

Own application and infrastructure security: Design and implement security controls across our application, APIs, and cloud infrastructure.
Protect sensitive data: Build systems and processes to safeguard confidential legal and customer data.
Drive security best practices: Establish and enforce secure development practices, including code reviews, threat modeling, and vulnerability management.
Monitor and respond: Implement monitoring, alerting, and incident response processes to detect and respond to security threats.
Ensure compliance readiness: Support security and compliance efforts (e.g., SOC 2), including documentation, controls, and audits.
Collaborate across teams: Partner with engineering and product teams to embed security into the development lifecycle without slowing velocity.

Stand Out From the Crowd

Upload your resume and get instant feedback on how well it matches this job.

Upload and Match Resume