Product Security Engineer

Compa

2h ago 0 views 0 applications
Full-time Hybrid
Engineering Sites- Orange County, Denver, Seattle, San Francisco
$185,000 - $220,000
Full-time
Security Engineer

Job Description

Pioneering Product Security Engineer (Founding Role)

Compa is at the forefront of revolutionizing compensation intelligence, empowering companies with real-time data to navigate a dynamic job market, optimize costs, and attract top talent amidst the rise of AI. Our premier real-time compensation data platform delivers unparalleled intelligence to industry leaders like NVIDIA, Stripe, DoorDash, OpenAI, T-Mobile, Moderna, Workday, Ulta, Target, and more.

We are a venture-backed AI startup driven by a collaborative, curious, and innovative team that values transparency, ownership, and continuous learning. While our headquarters are in Irvine, California, we also have growing sites in Denver, Colorado, and San Francisco, California, prioritizing in-person collaboration where possible.

The Opportunity: Build Product Security from the Ground Up

This is your chance to be the **founding Product Security Engineer** at Compa, a high-impact senior individual contributor role reporting directly to the Head of Security. You won't just advise; you'll architect, build, and lead, establishing the bedrock of secure software development for our cutting-edge AI-powered platform.

As the primary security voice at the product layer, you will define and operationalize secure engineering practices, leveraging automation and developer tooling to continuously elevate our security posture as we scale. You will lead strategic security initiatives from design through initial implementation, then partner with Engineering to scale and maintain. Influence crucial decisions, proactively shaping how Engineering and Product teams approach security, risk, architecture, and secure software development.

What You'll Do:

Define the Security Frontie

Lead comprehensive security reviews: architecture, threat modeling, and design across our applications, APIs, cloud infrastructure, data pipelines, and critical AI-enabled systems.
Architect secure-by-default solutions: Develop robust security standards, reference architectures, and secure design patterns that empower teams to build securely by default.
Elevate our Secure Software Development Lifecycle (SDLC): Define and continuously improve the SDLC, embedding security deeply into engineering workflows and release processes.
Drive security assessments: Lead assessments for new products, major features, third-party integrations, and emerging technologies.
Act as a trusted advisor: Serve as a technical authority on security architecture, implementation decisions, and risk tradeoffs.
Champion security communication: Articulate complex security concepts clearly to diverse audiences — from engineering design reviews to product documentation, trust portal content, and customer diligence conversations.

Engineer for Scale and Leverage

Build foundational security tooling: Design and implement reusable security patterns, libraries, and developer tools that scale secure-by-default practices across engineering.
Automate security guardrails: Implement security automation and guardrails that improve security posture while reducing developer friction.
Collaborate on cloud security: Partner with Platform Engineering on cloud security posture, infrastructure hardening, secrets management, workload identity, and security observability.

Secure the AI Revolution

Pioneer AI security patterns: Define and operationalize secure patterns for AI-enabled products, agents, MCP servers, tool integrations, and retrieval systems.
Anticipate and mitigate AI risks: Evaluate emerging AI security risks, translating them into practical architectural guidance, engineering controls, and platform capabilities.
Foster safe AI adoption: Partner with developers to improve the safe and scalable use of AI throughout the software development lifecycle, including AI-assisted tools and emerging workflows.

Strategic Impact & Execution

Prototype and implement strategic initiatives: Deliver initial production-ready implementations for strategic initiatives, establishing patterns for broader adoption.
Contribute to incident response: Participate in security incident response, investigations, and remediation efforts when needed.

What You'll Bring:

Minimum Qualifications

A proven track record of 5+ years of Software Engineering experience, including designing and shipping production software.
Exceptional programming fundamentals in at least one modern language, with the agility to quickly master new ones.
Hands-on expertise performing application security reviews, threat modeling, or security design reviews.
Extensive experience designing, building, or securing cloud-native applications and distributed systems.
Deep understanding of cloud security, IAM, CI/CD, containers, infrastructure-as-code, and software supply chain security.
Demonstrated ability to influence engineering organizations through technical leadership and architectural guidance.
Strong systems thinking, sound judgment, and the capacity to reason about architecture, scale, operational risk, and engineering tradeoffs while operating effectively in ambiguous, fast-moving environments.
Adept at translating complex security risks into clear business and engineering terms, effectively influencing decisions at the leadership level without direct authority.

Preferred Qualifications

Direct experience securing cloud-native infrastructure within AWS environments.
Proficiency in designing or implementing enterprise-facing capabilities such as SAML, SCIM, RBAC, audit logging, or customer-facing security controls.
Track record of building security automation, developer tooling, or internal platforms that significantly improved engineering velocity and security outcomes.
Experience building, operating, or securing AI-enabled products, agents, MCP servers, or retrieval systems.
Prior experience in building or scaling a Product Security or Security Engineering function within a high-growth technology company.

CyberJob.app

Your trusted source for cybersecurity job opportunities worldwide.


© 2026 CyberJob.app. All rights reserved.