Security Engineer
Profound · New York, NY · 1 wk ago
Information Technology$200k–$250k/yrFull-time
What You'll Do
- Partner with the Infrastructure team to harden the AWS environment
- Drive SOC 2 Type II continuous compliance (defining controls and closing gaps)
- Integrate security scanning into CI/CD pipelines
- Enforce least-privilege access controls and conduct regular access reviews across environments
- Build and run a vulnerability management program spanning infrastructure, applications, and dependencies
- Triage and respond to security findings from automated tooling, bug bounty programs, and third-party assessments
- Partner with Infrastructure to implement detection and monitoring capabilities using log aggregation and SIEM tooling
- Conduct risk assessments, maintain a risk register, and drive prioritization decisions
- Build security policies and procedures that reflect how we actually operate
- Lead post-incident reviews and drive systemic improvements
Must Have
- 5+ years in security engineering, with experience in high-growth SaaS or infrastructure-heavy environments
- Hands-on experience building or maintaining a SOC 2 compliance program
- Strong knowledge of AWS security services and cloud security architecture (IAM, VPC, CloudTrail, GuardDuty, Security Hub)
- Deep understanding of identity and authentication protocols (OAuth, SAML, OIDC)
- Practical scripting skills in Python or Bash for automating security workflows
Strong Plus
- Experience integrating vulnerability management and security scanning (SAST, DAST, SCA, container scanning) into CI/CD workflows
- Familiarity with network security fundamentals (firewalls, DNS, VPNs, segmentation, traffic analysis)
- Experience with infrastructure-as-code security (Terraform, CloudFormation)
- Background in penetration testing, application security assessments, or CTF competitions
- Familiarity with data infrastructure security for systems like ClickHouse or PostgreSQL
- Experience with data processing compliance in analytics-heavy environments
- Relevant certifications (CISSP, CCSP, AWS Security Specialty, or similar)
Who You Are
- A clear communicator who can translate security risks into business terms for engineering, leadership, and customer-facing teams
- A systems thinker who reasons about root causes, blast radius, and scalable control design
- A self-directed individual with strong judgment and comfort operating with significant autonomy
- Motivated by building the security foundation for a category-defining AI company