About the Role
This role is responsible for securing a multi-tenant platform processing sensitive insurance information by integrating security into the development lifecycle, covering secure SDLC, application security, cloud posture, and supply chain controls, while leading incident response.
Responsibilities
- Lead secure software development lifecycle practices and conduct security-focused code reviews across engineering teams.
- Manage end-to-end application security, including authorization, tenant isolation, protection against SSRF and injection attacks, and secure handling of secrets.
- Enhance cloud security configuration, focusing on GCP IAM policies, egress filtering, and supply chain integrity.
- Organize and oversee penetration tests, conduct threat modeling exercises, and manage vulnerability identification and remediation.
- Direct incident response efforts and drive progress toward compliance standards such as SOC 2.
Requirements
- Minimum of four years of experience in security engineering with deep expertise in application security.
- Proven experience securing cloud-native, multi-tenant environments.
- Practical understanding of OWASP Top risks and their mitigation in production code.
- Ability to collaborate effectively with development teams to integrate security seamlessly and efficiently.
Nice to Have
- Background in security detection and response or compliance and governance (GRC).
- Experience securing AI systems, large language models, or products handling regulated data.
Benefits
- Immediate ownership in a high-impact position.
- Competitive salary and substantial equity package.
- Close collaboration with founding team members and direct user feedback.
- Fully remote work environment with flexible arrangements.
- Chance to shape the development of an AI-native platform from inception.
Compensation
Competitive salary and meaningful equity
Work Arrangement
Remote-first
Team
Direct collaboration with founders and real users
ABOUT OUTMARKET
The company builds an AI platform for the insurance industry, used by over 250 brokerages to automate critical workflows such as quote comparisons, coverage analysis, policy review, and proposal generation. These capabilities are powered by customer-specific data with source citations, ensuring trustworthy outputs. The platform is SOC 2 Type II certified, operates on a single-tenant architecture, and does not use customer data for AI model training. It delivers measurable efficiency gains, saving teams 12–15 hours per week and reducing errors by about 65%, while maintaining an AI-first approach in both product and operations.
WHAT YOU’LL GET
A high-impact role with ownership from day one. Competitive compensation and meaningful equity. Direct collaboration with founders and real users. Remote-first flexibility. The opportunity to help build an AI-native product from the ground up.
ABOUT THE ROLE
We are hiring a Security Engineer to own product and application security for a multi-tenant platform handling sensitive insurance data. You will build security into how we ship, across secure SDLC, AppSec, cloud posture, and supply-chain, and lead our response when issues arise.
WHY THIS ROLE
Own security for a platform trusted with sensitive insurance and customer data. Build security into the product from the ground up, not bolt it on. Have broad scope across application, cloud, and supply-chain security.
