Responsibilities
- Develop and refine security architecture for SaaS, on-prem, and distributed agent systems.
- Set foundational design standards for multi-tenancy, identity and access management, secrets handling, and cloud perimeters.
- Collaborate closely with engineering leadership to integrate security into development lifecycles.
- Lead governance, risk, and compliance programs, with a focus on SOC 2 readiness and audit compliance.
- Treat AI security as a core domain and collaborate with AI teams to influence secure product development.
- Establish internal policies for AI use, covering data access, third-party risk, model retention, and prompt security.
- Analyze how AI adoption impacts privilege structures, data flows, and potential attack vectors.
- Ensure AI integration enhances productivity without introducing uncontrolled data risks.
- Define security integration in CI/CD, infrastructure-as-code, identity, secrets, and software supply chain processes with engineering teams.
- Lead the design of monitoring, detection, and incident response systems across cloud and development environments.
- Manage penetration testing initiatives and ensure results drive lasting technical improvements.
- Expand the DevSecOps function by hiring and mentoring engineers focused on security tooling and automation.
- Supervise the IT/InfoSec Manager and advance corporate IT, governance, and compliance capabilities.
- Enforce strong security controls for endpoints, vendor access, and employee lifecycle management.
- Synchronize IT operations and compliance activities with engineering-led security frameworks.
Compensation
Competitive salary and equity package
Work Arrangement
Hybrid or remote with team coordination across time zones
Team
Cross-functional collaboration with engineering, AI, platform, and product teams
Responsibilities
- Define and continuously evolve security architecture across our multi-tenant SaaS platform, on-prem product, and distributed agent systems.
- Establish security design principles for multi-tenant isolation, IAM, secrets management, and cloud boundaries.
- Embed security into engineering workflows through strong partnership with Engineering Directors and Principal Engineers.
- Own governance, risk, and compliance strategy, including SOC 2 maturity and audit readiness.
- Treat AI security as a first-class security domain and partner with our AI leaders to shape secure AI product strategy from inception.
- Define guardrails for internal AI usage, including data access boundaries, vendor risk, model retention policies, and prompt leakage risks.
- Anticipate how AI changes privilege models, data routing, and attack surface area.
- Ensure AI adoption increases leverage without creating uncontrolled data exposure.
- Define how security is embedded into CI/CD pipelines, infrastructure-as-code, identity systems, secrets management, and software supply chain workflows in partnership with platform and product engineering teams.
- Guide the design of logging, detection, and response capabilities across our cloud and developer environments.
- Oversee penetration testing programs and ensure findings translate into durable engineering improvements.
- Build and grow the DevSecOps capability over time, including hiring dedicated engineers to own security tooling and automation.
- Directly manage and coach the IT/InfoSec Manager and help mature the corporate IT, governance, risk, and compliance function.
- Ensure endpoint security, vendor access, onboarding/offboarding, and internal systems meet strong security standards.
- Align IT operations and compliance processes with engineering-driven security architecture.
Available for qualified candidates
