Founding Security Engineer
Role summary
This is a founding Security Engineer role responsible for defining and owning the organization's end-to-end security posture. The role involves shaping architecture, controls, and compliance for critical systems, building technical security engineering practices, and growing the security function. Key responsibilities include securing CI/CD pipelines, operating security tooling (SIEM/EDR/observability), securing multi-cloud and Kubernetes environments, implementing zero-trust networking, and ensuring alignment with compliance frameworks like SOC 2, ISO 27001, and FedRAMP. The position requires 5+ years of experience in cybersecurity, product security, or cloud security, with hands-on experience in cloud and Kubernetes environments, infrastructure-as-code, and security tooling integration. The role is hybrid, with a competitive salary and benefits package.
Benefits You’ll Love
- Equity
- Competitive benefits package
Become a Key Player as a Founding Security Engineer
You will define and own the organization’s security posture end-to-end, shaping architecture, controls, and compliance for mission-critical systems while serving customers, auditors, and internal teams. This is a high-visibility role where you’ll build technical security engineering practices and grow the security function over time. The role is hybrid: the team collaborates in person twice weekly (Mondays and Thursdays), with a full-team week every two months. The organization prefers local candidates but may consider remote from the San Francisco area or relocation to Los Angeles.
Here’s How You’ll Make an Impact on the Team
- Build secure CI/CD pipelines with embedded scanning and automation
- Operate, tune, and integrate SIEM/EDR and observability tooling (examples include ELK, Datadog, Splunk, CrowdStrike, Prometheus, Grafana) into workflows
- Secure multi-cloud and on-prem environments, including Kubernetes and AWS (GovCloud environments supported)
- Implement zero-trust networking and modern SASE/ZTNA approaches
- Improve visibility and observability across networks and workloads
- Partner with external compliance firms to achieve SOC 2, ISO 27001, NIST 800-171, FedRAMP, and CMMC alignment
- Support third-party/vendor security assessments and readiness for audits by providing technical evidence and controls
- Deliver company-wide security awareness training focused on secure development and operations
- Handle customer-facing security reviews and respond to technical security inquiries
Here’s What You’ll Need to Be Successful in This Role
- 5+ years in cybersecurity, product security, or cloud security roles, ideally in high-assurance or regulated industries
- Hands-on experience securing AWS or equivalent cloud providers (GovCloud preferred) and Kubernetes-based environments
- Strong infrastructure-as-code practices and experience integrating security into CI/CD
- Familiarity with compliance frameworks and implementing technical controls (SOC 2, ISO 27001, NIST 800-171, FedRAMP, CMMC)
- Deep understanding of network, endpoint, and identity security principles
- Experience with security tooling and integration into operational workflows (SIEM/EDR/observability)
- Proven ability to translate security and regulatory requirements into actionable engineering work
- Clear communicator with both technical and non-technical stakeholders; comfortable in customer-facing audit and assurance settings
- High ownership, adaptability, and discretion handling sensitive data and compliance matters
Here’s What Else Might Help You Out
- Prior experience supporting aerospace, defense, or other highly regulated sectors
- Hands-on experience with specific tooling mentioned (ELK, Datadog, Splunk, CrowdStrike, Prometheus, Grafana)
Pay Range
$170,000 - $220,000/year
Ready to Make Your Mark?
This role may fill quickly. Submit your resume to be considered.