Principal Compliance & Security Engineer
MrBeast · San Francisco, CA · 3 wk ago
HybridInformation TechnologyFull-time
Principal Compliance & Security Engineer
About the role
Beast Industries is a multifaceted media and entertainment company founded by Jimmy Donaldson, popularly known as MrBeast. We operate across various domains including digital media, philanthropy, consumer products, and innovative business initiatives. The stakes are high as we handle money, serve minors, and ship fast and constantly.
Responsibilities
- Set the security standards other engineers build against across cloud infrastructure, applications, and data systems.
- Lead threat modeling and security reviews for high-risk products, especially Step's payment and account systems and anything touching minors' data.
- Run the vulnerability management program and drive remediation to closure with the teams that own the systems.
- Build and own incident response: detection, playbooks, escalation, post-incident review, and breach-notification readiness.
- Act as technical lead during PCI DSS and SOC 2 audits, and represent Beast with auditors, regulators, and partners.
- Translate regulatory requirements into engineering work teams can act on, and advise leaders on risk tradeoffs in plain terms.
- Define secure-by-default patterns and paved paths so most teams meet requirements without one-off review.
Requirements
- AI-Native: Using AI daily and applying it to security work.
- Security + Compliance Hybrid: 15+ years of combined experience in both fields, with proven success in PCI DSS and SOC 2.
- Applied and Hands-On: Strong skills in cloud security, application security, threat modeling, and incident response.
- Trusted on Risk: Clear decision-making on risks, explaining trade-offs in business terms, and influencing through evidence.
- Knowledge of privacy and minor-protection regulation (COPPA, GDPR, CCPA).
- Experience in fintech or payments (money movement, KYC).
- Security automation and infrastructure-as-code (Terraform, policy-as-code).
- Relevant certifications (CISSP, CCSP, OSCP).
- Standing up a security or compliance function from an early stage.
Qualifications
- BS in Computer Science or related field.
- CISSP, CCSP, or equivalent certification.
- Experience with AWS/GCP.
- Experience with Terraform and policy-as-code.
- Experience with privacy and minor-protection regulations.
- Experience with security and compliance frameworks (PCI DSS, SOC 2, COPPA, GDPR/CCPA).
Skills
- AI-Native: Daily use of AI in security work.
- Security + Compliance Hybrid: Experience in both fields.
- Applied and Hands-On: Strong skills in cloud security, application security, threat modeling, and incident response.
- Trusted on Risk: Clear decision-making on risks, explaining trade-offs in business terms, and influencing through evidence.
- Knowledge of privacy and minor-protection regulation (COPPA, GDPR, CCPA).
- Experience in fintech or payments (money movement, KYC).
- Security automation and infrastructure-as-code (Terraform, policy-as-code).
- Relevant certifications (CISSP, CCSP, OSCP).
- Standing up a security or compliance function from an early stage.
Benefits
- Equity: Highly competitive equity package.
- Hybrid Model: 3 days per week in-office (Bay Area or NYC).
- Health Benefits: Medical (Blue Cross Blue Shield), Dental, Vision, and company-paid Life Insurance.
- Health Savings Account (HSA): Company contributions.
- Retirement: 401k Plan with Safe Harbor company-matching.
- Vacation Policy: Flexible vacation policy and paid company holidays.
- Technology Package: Company-provided technology.
- Relocation Assistance: Relocation assistance where applicable, including travel and company-provided housing for the first 90 days.