Head of Security

The Role

We’re hiring a Security Engineer to own and implement company-wide security systems and practices across Mecka.

This is a high-ownership, hands-on role working closely with leadership to define and execute our security strategy and risk posture.

You will be responsible for securing everything from devices → infrastructure → data → access, while building systems that scale with the company.

This role is ideal for someone who can operate as a practical security operator — not just setting policy, but actively implementing and managing systems.

Responsibilities

Security Strategy & Risk Management

• Own and evolve Mecka’s overall security posture and risk framework

• Identify vulnerabilities and proactively mitigate risks across systems

• Define and enforce security standards and best practices across the company

Device & Endpoint Security

• Implement and manage MDM systems (laptops, devices, access control)

• Enforce device hardening, access policies, and security configurations

• Manage onboarding/offboarding security for all employee devices

Infrastructure & Application Security

• Secure infrastructure across:

  • Cloud environments

  • Internal systems

  • Developer workflows

• Implement best practices for:

  • Secrets management

  • IAM (identity and access management)

  • CI/CD security

• Work closely with engineering to ensure secure system design

Identity & Access Management

• Own and manage SSO, MFA, and access control systems

• Define and enforce role-based access policies

• Ensure secure onboarding, role changes, and offboarding processes

Data Security & Protection

• Define and enforce data handling and access policies

• Implement encryption, key management, and secure storage practices

• Ensure sensitive data is properly protected across systems

Monitoring & Incident Response

• Monitor systems for security threats and suspicious activity

• Respond to incidents (phishing, breaches, unauthorized access, etc.)

• Build and maintain incident response processes and playbooks

Vendor & Compliance Security

• Audit and secure third-party vendors, tools, and integrations

• Support compliance initiatives (e.g. SOC 2, enterprise requirements)

• Ensure security standards are maintained across external dependencies

Who You Are

Required Experience

• 4+ years of experience in security engineering, infrastructure, or related roles

• Experience securing cloud environments, internal systems, and developer workflows

• Strong understanding of IAM, access control, and authentication systems

• Experience with endpoint security and MDM tools

• Experience implementing practical, real-world security systems

Strong Signals

• Experience in startup or high-growth environments

• Experience with SOC 2 or enterprise security requirements

• Strong knowledge of secrets management, encryption, and key management

• Experience working closely with engineering teams on secure systems

• Ability to balance security with speed and usability

You Are

• Highly practical and execution-focused

• Comfortable owning security across multiple layers of the stack

• Strong at identifying risks and implementing real solutions quickly

• Able to operate with high ownership and autonomy

• Focused on building secure systems that don’t slow the company down

Why This Role

• Own and build security from the ground up

• Direct impact on protecting company systems, data, and customers

• Work closely with leadership and engineering on critical infrastructure

• Enable enterprise readiness and trust with customers

• High ownership role with significant scope and responsibility