Security Engineer

Profound is on a mission to help companies understand and control their AI presence. We are hiring a Security Engineer to own the security posture of our platform, infrastructure, and corporate environment. You will work directly with Engineering and Operations teams to build and maintain the security controls, compliance programs, and threat defenses that protect customer data and enable rapid growth.

This role is ideal for someone who sees security as a business accelerator rather than a blocker and who thrives on building practical, scalable security systems from the ground up. As the first dedicated security hire, you will shape how we approach access control, vulnerability management, compliance, and incident response as we scale.

What you’ll do

• Design, implement, and maintain role-based and attribute-based access control across production systems, cloud infrastructure, and corporate tools

• Own identity and access management including SSO, SCIM provisioning, and lifecycle automation across Google Workspace, AWS, and internal systems

• Conduct regular access reviews and enforce least-privilege principles across environments

• Build automated workflows for onboarding, offboarding, and role change provisioning

• Build and run a vulnerability management program across infrastructure, applications, and dependencies

• Integrate security scanning into CI or CD pipelines including SAST, DAST, SCA, and container image scanning

• Triage and respond to security findings from automated tools, bug bounty programs, and third-party assessments

• Own SOC 2 Type II compliance end to end, including defining controls, collecting evidence, managing auditor relationships, and closing gaps

• Build and maintain security policies, standards, and procedures aligned with operational reality

• Support customer security reviews, vendor assessments, and due diligence processes

• Conduct risk assessments and maintain a risk register that informs prioritization decisions

• Secure AWS infrastructure including VPC architecture, security groups, IAM policies, and network segmentation

• Implement and maintain logging, monitoring, and alerting for security-relevant events across cloud and corporate systems

• Oversee physical security controls for the Union Square office including access management, visitor policies, and asset tracking

• Build and maintain an incident response plan, run tabletop exercises, and lead incident response when necessary

• Implement detection capabilities using log aggregation, SIEM tooling, and anomaly detection

• Conduct post-incident reviews and drive systemic improvements

Who you are

• 3 or more years of experience in security engineering, including experience in high-growth SaaS or infrastructure-heavy environments

• Deep understanding of access control models, identity management systems, and authentication protocols such as OAuth, SAML, and OIDC

• Hands-on experience building or maintaining a SOC 2 compliance program

• Strong knowledge of AWS security services and cloud security architecture including IAM, VPC, CloudTrail, GuardDuty, and Security Hub

• Experience integrating vulnerability management tooling into CI or CD workflows

• Familiarity with network security fundamentals including firewalls, DNS, VPNs, segmentation, and traffic analysis

• Practical scripting skills in Python or Bash for automation of security workflows

• Clear communicator who can translate security risks into business terms for engineering, leadership, and customer-facing teams

• Systems thinker who understands root causes, blast radius, and scalable control design

• Self-directed with strong judgment and comfort operating with significant autonomy

• Motivated by building the security foundation for a category-defining AI company

• Experience with infrastructure as code security such as Terraform or CloudFormation

• Familiarity with data infrastructure security for systems such as ClickHouse or PostgreSQL

• Background in penetration testing or application security assessments

• Relevant certifications such as CISSP, CCSP, AWS Security Specialty, or similar

• Experience with data processing compliance in analytics-heavy environments

Location

This is an on-site role based in our Union Square, NYC office, designed for builders who thrive on speed, iteration, and meaningful impact. We are happy to support visa sponsorship for qualified international candidates.

For this role, the expected base salary range is $80,000 to $150,000. Profound’s total compensation package is designed to be competitive and includes base salary, equity, and a full range of benefits and perks. Final compensation will depend on factors such as your skills, experience, qualifications, and location, and will be determined during the interview process. Our recruiting team will share more details about the full compensation package and benefits as you move through hiring.