Senior Security Operations Engineer
AssemblyAI · United States · 1 mo ago
RemoteRemoteInformation Technology$180k–$220k/yrFull-time
About the role
AssemblyAI runs a mature, multi-framework security and compliance program—including SOC 2 (all trust criteria), ISO 27001, and PCI 4.0—that protects the infrastructure and customer data behind our industry-leading Voice AI API. We're hiring a Senior Security Operations Engineer to join our IT & Security team as the company's first security engineering role.
Responsibilities
- Conduct threat modeling and security design reviews for new features, services, and architectural changes—partnering with product and platform engineers early in the design phase.
- Perform secure code reviews and provide actionable feedback, focusing on authentication, authorization, input handling, secrets management, and data protection.
- Deploy and maintain security tooling across the development lifecycle—SAST, SCA, DAST, secret scanning, IaC scanning, and CI/CD security guardrails.
- Support best practices to adopt secure-by-default libraries, frameworks, paved-road patterns, and developer guidance to reduce classes of vulnerabilities across the codebase.
- Partner with platform engineering on infrastructure and environment security—including AWS resource hardening, Terraform-managed infrastructure reviews, network segmentation, and environment isolation improvements.
- Contribute to incident response for security events: investigation, root cause analysis, and post-incident hardening.
- Drive vulnerability triage and prioritization across teams, tracking remediation against targets and reporting metrics. Step in to remediate directly through patches and PRs where you identify high-impact opportunities.
- Partner with sales and legal responding to customer and vendor questionnaires, RFP security sections, and trust-and-safety inquiries.
- Support SOC 2, ISO 27001, PCI 4.0, and other compliance audit cycles by gathering evidence, documenting controls, and coordinating with auditors.
- Maintain and improve security runbooks, process documentation, and operational playbooks—building automation where possible to reduce manual burden using AI-assisted development tools.
Requirements
- 5+ years of experience in security engineering, security operations, or a related role that combined both
- Hands-on experience with at least one of SOC 2, ISO 27001, or PCI compliance audit cycles—you've gathered evidence, documented controls, and worked with auditors, not just read about it
- Strong application security fundamentals: threat modeling, secure code review, and familiarity with common vulnerability classes (OWASP Top 10, CWE)
- Experience with security tooling across the development lifecycle: SAST, SCA, DAST, secret scanning, or IaC scanning
- Working knowledge of AWS infrastructure and services, including IAM, VPC networking, and security configurations
- Familiarity with infrastructure-as-code (Terraform preferred) and CI/CD pipeline security
- Proficiency in Python and comfort reading code across backend services
- Strong written communication skills—you'll write audit documentation, security questionnaire responses, policy documents, and runbooks regularly
- Comfort using AI-assisted development tools (e.g., Claude Code, Copilot, or similar) to write scripts, build automations, and accelerate documentation—AI tool fluency is a core expectation at AssemblyAI
Qualifications
- Nice to have: Experience securing AI/ML systems or inference infrastructure, familiarity with endpoint security platforms and cloud security tooling, security incident handling experience, experience with vulnerability management programs, security certifications (CISSP, CSSLP, AWS Security Specialty, or equivalent), experience at a high-growth startup in a security role