Founding Security Engineer

Attention is a company scaling from Series A toward Series B, and they are seeking a Founding Security Engineer to build and lead their security program. This hands-on role involves designing secure systems, leading compliance efforts, and establishing a mature security program as the company grows.

Responsibilities:

• Embed security-by-design into our platform and infrastructure
• Partner with engineering to implement DevSecOps practices and automated security testing
• Conduct architecture reviews, threat modeling, and security assessments
• Implement security tooling across cloud infrastructure and CI/CD pipelines
• Lead security certification initiatives such as ISO 27001 and SOC 2
• Own customer security questionnaires and security reviews with enterprise clients
• Develop and maintain security policies, controls, and documentation
• Manage vulnerability management and security patching processes
• Coordinate penetration testing and remediation programs
• Introduce automated and AI-assisted security testing tools
• Establish risk management and security governance practices
• Build business continuity and disaster recovery programs aligned with ISO 22301
• Develop the foundations for a future security team

Requirements:

• 5–8+ years experience in cybersecurity, security engineering, or cloud security
• Strong understanding of modern cloud security architectures (AWS/GCP/Azure)
• Experience implementing or supporting ISO 27001, SOC 2, or similar frameworks
• Hands-on experience with DevOps / DevSecOps practices
• Familiarity with penetration testing, vulnerability management, and threat modeling
• Ability to work closely with engineering teams and leadership
• Experience building security programs in high-growth startups
• Experience with container security, Kubernetes, and infrastructure-as-code
• Experience with red team / blue team exercises
• Familiarity with AI-driven security tools or automated pentesting platforms