Security Engineer (Internal) - Be the Founding Security Force at Maze!
Ready to build a security fortress from the ground up? At Maze, we're forging the future at the intersection of generative AI and cybersecurity. As our first Security Engineer (Internal), you'll be the architect of our internal security function, shaping our infrastructure, tooling, and compliance program from day one. This is your chance to be a pivotal player in a well-funded startup and establish a rock-solid security foundation that fuels our hypergrowth.
Imagine owning security tooling and monitoring, hardening our cloud infrastructure, spearheading compliance initiatives, and crafting scalable security policies. Your success will be measured by the strength of our security posture, our readiness to meet enterprise customer demands, and your ability to empower our engineering team to innovate securely. If you're a hands-on security engineer who thrives on building security programs at startups, balancing security with agility, and architecting cutting-edge security infrastructure with modern tools and AI-assisted workflows, this is your dream role.
Your Mission:
Build Security Tooling & Monitoring: Design and deploy comprehensive security monitoring, logging, and alerting systems to provide unparalleled visibility into our infrastructure and applications, acting as our first line of defense.
Architect Cloud Infrastructure Security: Fortify our AWS infrastructure using security best practices, implement infrastructure-as-code security controls with Terraform, and ensure our cloud environment is secure by design.
Drive Compliance Readiness: Lead the charge in preparing for SOC2, ISO27001, and other critical compliance frameworks. Build the documentation, controls, and evidence collection systems that will unlock enterprise sales.
Establish Security Policies: Craft pragmatic security policies and procedures that empower our team to move swiftly while maintaining robust security standards. We prioritize practical controls over unnecessary bureaucracy.
Automate Security Operations: Develop security automation and tooling using code and scripts, leveraging AI-assisted development to accelerate implementation without compromising quality.
Manage Vendor Security: Conduct thorough security assessments of third-party vendors and tools, ensuring our supply chain security aligns with stringent enterprise standards.
Enable Incident Response: Develop comprehensive incident response plans and runbooks, establishing crystal-clear processes for detecting, responding to, and recovering from security incidents.
Partner with Engineering Teams: Collaborate closely with engineering to embed security into development workflows, providing the guidance and tooling that makes secure development the default path.
What You'll Need to Succeed:
Proven Security Engineering Experience: 5+ years of experience building and implementing security infrastructure, with hands-on expertise in cloud security, security tooling, and establishing security programs at fast-growing companies.
AWS Security Expertise: Deep understanding of AWS security services and best practices, with proven experience securing cloud infrastructure, implementing IAM policies, and leveraging AWS-native security tools.
Infrastructure as Code Proficiency: Strong command of Terraform for managing security controls programmatically, with the ability to build and maintain secure, scalable infrastructure through code.
Security Tooling Implementation: Hands-on experience implementing and managing security monitoring, SIEM platforms, vulnerability scanning, and security automation tools.
Coding and Scripting Skills: Proficiency in Python, Bash, or similar languages for building security automation, custom tooling, and integrating security into development workflows.
Compliance and GRC Knowledge: Practical experience with security frameworks like SOC2, ISO27001, or similar, with the ability to translate compliance requirements into technical controls.
Pragmatic Security Mindset: A proven track record of balancing security rigor with business velocity, implementing practical security controls that empower rather than hinder engineering teams.
Self-Directed Execution: The ability to operate autonomously as a solo security engineer, effectively prioritizing work and building security infrastructure without extensive oversight.
Bonus Points:
Experience building security programs at early-stage startups (seed through Series B).
Background in DevOps or SRE with a transition to security engineering.
Familiarity with container security (Docker, Kubernetes).
Experience with security automation frameworks and AI-assisted security workflows.
A track record of strategically building vs. buying security tools based on startup constraints.
Previous experience in cybersecurity product companies.
Why You'll Love Working Here:
Build a Security Empire: Own the entire internal security function from the ground up. Establish the security architecture, tooling, and practices that will scale Maze through hypergrowth. You'll have complete autonomy over your domain.
AI-Powered Security: Leverage cutting-edge AI tools to build security infrastructure faster and smarter. Pioneer new approaches to security automation and monitoring in an AI-first environment.
Learn from the Best: Work alongside a CTO and engineering team with deep expertise in both AI and cybersecurity. Benefit from strong technical partnership while having full ownership of the security domain.
Impactful Innovation: Your security infrastructure will directly enable breakthrough AI-powered cybersecurity solutions that protect organizations worldwide. Make security an enabler of innovation, not a blocker.
Growth Opportunities: Enjoy a clear path to grow into security leadership or remain as a senior IC contributor, based on your interests and aspirations. Benefit from significant equity upside and mentorship from experienced operators.