Security Engineer
About The Position
At Blee we are replacing workflows that typically run on spreadsheets, email, etc with AI-first software that brings the whole org together to meet compliance requirements faster, more thoroughly, and with greater transparency. We currently have thousands of active users from dozens of enterprise-grade customers on pledged, or paid, long-term contracts. Our leadership group hails from the likes of Adobe, Chime, PayPal, AWS, Wachtell, Harvard Law, and Columbia Law. We have built the first platform that handles the unique challenges our customers face from front-to-back. We find the ideal people for Blee will not only be natural problem solvers but will also enjoy the thrill of discovering which problems our users need solving in the first place, most of whom have never used a product like Blee before. We have an office in downtown SF, one in NYC coming soon, and most of our team is split between the Bay Area and NYC. This is a Security Engineer role for someone who wants to own security end-to-end at a fast-growing startup. You will be the first dedicated security hire, responsible for building and maintaining our security posture from SOC 2 compliance to infrastructure hardening to enterprise security reviews. This role is designed for someone who wants to build a security program from the ground up. As Blee scales, you will grow into a security leadership role, shaping the team and strategy as the company's customer base and regulatory requirements expand.
Requirements
- 4+ years of experience in security engineering or infrastructure security
- Have personally taken at least one company through SOC 2 Type II – you know the audit process, the evidence collection, and the gotchas
- Hands-on with cloud security (AWS, GCP, or Azure) and modern infrastructure tooling (Terraform, Kubernetes, etc.)
- Based in SF or NYC & willing to come into the office 3 days a week
- Security-obsessed – you think in threat models and attack surfaces by default
- A builder who thrives in ambiguity – you've stood up security programs, not just maintained them
- Comfortable owning ambiguous problems end-to-end without a dedicated security team around you
- Equally at home writing security policies and shipping infrastructure improvements
- Proactive and self-directed; you identify risks before they become incidents
- Excited to be an early security hire and shape the function from scratch
- Applicants must be authorized to work for any employer in the U.S. We are unable to sponsor or take over sponsorship of an employment Visa at this time
Responsibilities
- Own and drive compliance certifications – SOC 2 Type II, ISO 27001, and related frameworks (GDPR, CCPA, HIPAA, PCI-DSS)
- Design and operate scalable, secure infrastructure – For real-time systems and AI batch pipelines
- Build security practices and tooling that scale – Not just compliance checkboxes, but engineering-first security that grows with the company
- Harden cloud infrastructure – Access control, secrets management, audit logging, and vulnerability management
- Improve CI/CD pipelines and developer experience – When not on core security work, accelerate developer workflows and occasionally contribute to product features
Benefits
- Competitive salary and equity package
- Fully paid medical, dental, and vision insurance
- Free access to OneMedical
- Short and long-term disability insurance
- Company-paid life insurance
- Company-sponsored 401k
- Unlimited PTO (with mandatory 15 days off)
- Financial support for work-adjacent learning opportunities
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Senior
Education Level
No Education Listed
