Key skills
TypeScriptPythonGoBashAIAWSAzureGCPTerraformKubernetesGitHub ActionsPulumiEKSAKSGKEHelmArgoCDIAMGitHubSaaSCI/CDCommunicationCollaborationCloud Security
About this role
Maven AGI is an enterprise AI platform founded in July 2023 by executives from HubSpot, Google, and Stripe. They are seeking a deeply technical Security Operations Engineer to own and evolve the security infrastructure for their AI platform, focusing on compliance and security posture as the company scales.
Responsibilities:
- Own the security posture of our infrastructure, including Kubernetes clusters: admission control, network policy, runtime threat detection, and workload isolation
- Harden CI/CD pipelines against supply chain threats: SAST/DAST, SBOM generation, signed artifacts, and dependency scanning across a large-scale monorepo
- Design, implement, and maintain security infrastructure across cloud providers (Azure, AWS, GCP) using infrastructure-as-code (Pulumi, Terraform, Helm)
- Build and operate detection and response capabilities (SIEM, audit logging, alerting) and lead incident response end-to-end: from triage to forensics to postmortem
- Support compliance programs (SOC 2, HIPAA, ISO): evidence automation, control mapping, audit readiness, and customer security reviews
- Manage identity, secrets, and access controls across cloud, SaaS, and Kubernetes, enforcing least privilege and short-lived credentials by default
- Address AI-specific risks (model access, prompt injection, data exfiltration) as we expand our agent platform
- Evaluate and adopt new tooling to reduce manual toil and scale security coverage as the company grows
Requirements:
- 3-7 years of professional Security Engineering, DevOps, or SRE experience
- Strong infrastructure-as-code and policy-as-code skills
- Hands-on experience securing CI/CD systems (GitHub Actions, ArgoCD): supply chain controls, secret scanning, signed builds
- Deep experience with detection and response tooling (SIEM, EDR, audit logging) and leading incidents end-to-end
- Proficiency in at least one scripting/programming language (Python, Go, TypeScript, or Bash) for automation and tooling
- Solid understanding of cloud security across IaaS providers: IAM, networking, DNS, TLS, KMS, and identity federation
- Experience securing Kubernetes in production (AKS, EKS, or GKE): RBAC, network policy, admission control, runtime security
- Working knowledge of at least one compliance framework (SOC 2, HIPAA, ISO 27001, GDPR) and the engineering work behind audit readiness
- Strong communication and cross-team collaboration skills: security at a startup is a partnership, not a gate
- Organized, detail-oriented, comfortable operating in a ticketing environment
- Thrives in fast-paced startup environments
- Compliance automation experience (Vanta, Drata, or in-house evidence collection)
- Experience with multi-cloud or hybrid (cloud + on-prem) deployments
- Background in offensive security, red teaming, or CTF
- Contributions to open-source security tooling