PermitFlow: Building America's Future, Securely.
PermitFlow is revolutionizing how America builds. We are an applied AI company dedicated to empowering the nation's builders by solving one of the economy's most formidable information challenges: understanding what can be built, where, and how. Our advanced AI agent workforce guides the fastest-growing construction companies through every stage, from complex permitting and licensing to critical inspections and project closeouts. We're directly accelerating the development of essential housing, clean energy, and infrastructure across the country.
Despite being a $1.6T industry, construction is plagued by massive delays, wasted capital, and lost opportunities. PermitFlow has already delivered unprecedented speed, accuracy, and visibility to over $20B in development, enabling contractors to drastically reduce compliance time, de-risk projects, and scale with unwavering confidence.
America is on the cusp of a CAPEX super-cycle, driving unprecedented growth in data centers, factories, housing, and renewable energy. Joining PermitFlow means you'll be building the AI at the heart of every construction project, powering this monumental wave of re-industrialization.
We've secured over $90M in funding, most recently completing our Series B from leading investors including Accel, Kleiner Perkins, Initialized, Y Combinator, Felicis, and Altos Ventures. Our mission is also backed by leaders from OpenAI, Google, Procore, ServiceTitan, Zillow, PlanGrid, and Uber.
The Mission: Security Engineer
As a Security Engineer, you won't just maintain; you'll innovate. You'll be a foundational member of our growing Platform Team, critical to building, scaling, and continuously hardening the systems that secure our cutting-edge platform and ensure unwavering compliance. This is an opportunity to architect the core security backbone of PermitFlow, driving initiatives in compliance, risk reduction, security automation, and continuous improvement.
While your primary focus will be security and governance, this role demands a hands-on approach to coding and problem-solving across the entire stack. As a fast-growing startup, we thrive on collaboration and agility – flexibility and a proactive, security-first mindset are paramount to our collective success.
Your Impact & Responsibilities:
Architect, design, and implement secure, compliant, scalable, and cost-efficient infrastructure solutions to safeguard our rapidly expanding product ecosystem.
Lead the execution and ongoing maintenance of our SOC2 compliance program and spearhead other vital security-related certifications.
Design, implement, and rigorously audit robust Role-Based Access Controls (RBAC), Identity and Access Management (IAM), and secrets management systems.
Champion and implement security best practices across our backend, frontend services, APIs, and critical data pipelines.
Take full ownership of security features, from initial architecture and implementation through comprehensive testing and production deployment.
Develop and maintain advanced security automation, Infrastructure as Code (IaC), and secure CI/CD pipelines.
Implement and manage sophisticated security monitoring, proactive threat detection, and comprehensive vulnerability management across our entire cloud infrastructure.
Establish and enforce stringent security best practices for authentication, authorization, logging, and alerting mechanisms.
Lead and actively participate in incident response, troubleshooting complex security issues, and driving continuous learning and improvements through postmortem analysis.
Collaborate seamlessly across all engineering teams to embed security into every stage of the software development lifecycle, strategically balancing compliance, velocity, and cost.
What You Bring to the Table:
5+ years of dedicated experience in Security Engineering, Application Security (AppSec), Governance, Risk, and Compliance (GRC), or similar impactful roles.
Proven track record in designing and implementing robust security controls for SOC2, ISO 27001, or comparable compliance frameworks.
Deep expertise in Role-Based Access Controls (RBAC), Identity and Access Management (IAM), and secrets management.
Strong experience with container security and orchestration (Docker, ECS; Kubernetes experience is a significant plus).
Expertise in building and maintaining secure CI/CD pipelines and leveraging modern security automation tools.
Proficiency in coding and scripting (TypeScript, Python, Go, Bash, etc.).
Hands-on experience with cloud security (GCP preferred) and securing complex distributed systems.
Familiarity with monitoring, observability, and incident management best practices.
Comfort working in a dynamic, compliance-focused startup environment, where adaptability and end-to-end security ownership are essential.
Why Join PermitFlow?
Competitive salary and meaningful equity in a high-growth, impactful company.
Comprehensive medical, dental, and vision coverage for you and your family.
Flexible PTO and generous paid family leave.
Home office & equipment stipend to ensure your comfort and productivity.
Engaging hybrid NYC office culture (3 days in-office/week) offering direct access to leadership and a collaborative environment.
Lunch and dinner provided on our in-office days.
Location & Work Model:
Our HQ is nestled in the heart of New York City, operating on a hybrid schedule (3 in-office days per week). We strongly prefer NYC-based candidates or those excited by the prospect of relocation to join us in person.
PermitFlow provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, sex, national origin, age, disability, genetics, sexual orientation, gender identity, gender expression, or family status, as protected by applicable law.
We are committed to a diverse and inclusive workforce and welcome people from all backgrounds, experiences, perspectives, and abilities. All employment decisions are based on merit, qualifications, and business needs.