Security Engineer

About The Position

Requirements

• 3 or more years of experience in security engineering, including experience in high-growth SaaS or infrastructure-heavy environments
• Deep understanding of access control models, identity management systems, and authentication protocols such as OAuth, SAML, and OIDC
• Hands-on experience building or maintaining a SOC 2 compliance program
• Strong knowledge of AWS security services and cloud security architecture including IAM, VPC, CloudTrail, GuardDuty, and Security Hub
• Experience integrating vulnerability management tooling into CI or CD workflows
• Familiarity with network security fundamentals including firewalls, DNS, VPNs, segmentation, and traffic analysis
• Practical scripting skills in Python or Bash for automation of security workflows
• Clear communicator who can translate security risks into business terms for engineering, leadership, and customer-facing teams
• Systems thinker who understands root causes, blast radius, and scalable control design
• Self-directed with strong judgment and comfort operating with significant autonomy
• Motivated by building the security foundation for a category-defining AI company

Nice To Haves

• Experience with infrastructure as code security such as Terraform or CloudFormation
• Familiarity with data infrastructure security for systems such as ClickHouse or PostgreSQL
• Background in penetration testing or application security assessments
• Relevant certifications such as CISSP, CCSP, AWS Security Specialty, or similar
• Experience with data processing compliance in analytics-heavy environments

Responsibilities

• Design, implement, and maintain role-based and attribute-based access control across production systems, cloud infrastructure, and corporate tools
• Own identity and access management including SSO, SCIM provisioning, and lifecycle automation across Google Workspace, AWS, and internal systems
• Conduct regular access reviews and enforce least-privilege principles across environments
• Build automated workflows for onboarding, offboarding, and role change provisioning
• Build and run a vulnerability management program across infrastructure, applications, and dependencies
• Integrate security scanning into CI or CD pipelines including SAST, DAST, SCA, and container image scanning
• Triage and respond to security findings from automated tools, bug bounty programs, and third-party assessments
• Own SOC 2 Type II compliance end to end, including defining controls, collecting evidence, managing auditor relationships, and closing gaps
• Build and maintain security policies, standards, and procedures aligned with operational reality
• Support customer security reviews, vendor assessments, and due diligence processes
• Conduct risk assessments and maintain a risk register that informs prioritization decisions
• Secure AWS infrastructure including VPC architecture, security groups, IAM policies, and network segmentation
• Implement and maintain logging, monitoring, and alerting for security-relevant events across cloud and corporate systems
• Oversee physical security controls for the Union Square office including access management, visitor policies, and asset tracking
• Build and maintain an incident response plan, run tabletop exercises, and lead incident response when necessary
• Implement detection capabilities using log aggregation, SIEM tooling, and anomaly detection
• Conduct post-incident reviews and drive systemic improvements