Staff Embedded InfoSec Engineer
MrBeast · San Francisco, CA · 1 wk ago
HybridEngineering$170k/yrFull-time
Staff Embedded InfoSec Engineer
About the role
Beast Industries is a multifaceted media and entertainment company founded by Jimmy Donaldson, popularly known as MrBeast, the most watched person in the world. Renowned for revolutionizing digital content creation, Beast Industries encompasses a diverse portfolio of ventures that extend far beyond its origins on YouTube. With a mission to entertain, inspire, and create significant social impact, Beast Industries operates across various domains including digital media, philanthropy, consumer products, and innovative business initiatives. At Beast Industries, we believe in the transformative power of digital media and its potential to entertain, educate, and effect positive change. Our commitment to innovation, creativity, and philanthropy drives us to explore new frontiers, create unforgettable experiences, and build a legacy that inspires future generations.Location
Bay Area (San Francisco / Peninsula)Reports to
Director of EngineeringTeam
SecurityThe Opportunity
We are building a first-of-its-kind consumer membership ecosystem from the ground up — and when you're serving 100M+ users security has to be built in from day one, not bolted on later. As our Staff Embedded InfoSec Engineer, you will be the foundational security hire on the Security team, embedded directly with product squads to ship features that are secure by design rather than secured after the fact. This is a hands-on, build-with-the-team role. You'll own application security, run the pen testing program, and architect the controls that meet partner security requirements so the business can close deals and ship with confidence.The Product
You will be the security anchor underneath a membership ecosystem anchored around the MrBeast audience. Your surface area spans every product squad and every partnership:- Application Security: Threat modeling, secure-by-default patterns, code review, and developer-facing tooling across the membership app, creator marketplace, and platform services.
- Offensive Testing: A pen testing program you own end-to-end — internal red-team exercises, coordinated external engagements, and continuous validation against real attacker behavior.
- Security Architecture: The control framework that lets us meet partner security requirements — and the architecture decisions that keep us ready for the next partner, not scrambling for them.