Back to jobs
Summary of the Role:
As Security Engineer (Internal) at Maze, you'll be the founding member of our internal security function, building our security infrastructure, tooling, and compliance program from the ground up. This is a unique opportunity to join as one of the early team members of a well-funded startup building at the intersection of generative AI and cybersecurity, where you'll establish the security foundation that enables our hypergrowth.
You'll take full ownership of security tooling and monitoring, cloud infrastructure security, compliance preparation, and establishing security policies that scale with the business. Your success will be measured by the robustness of our security posture, readiness for enterprise customer requirements, and your ability to enable the engineering team to move fast without compromising security. This role is perfect for a hands-on security engineer who has built security programs at startups, thinks pragmatically about balancing security and velocity, and wants to architect security infrastructure using modern tools and AI-assisted workflows.
Build Security Tooling and Monitoring: Design and implement comprehensive security monitoring, logging, and alerting systems that provide visibility into our infrastructure and applications, serving as our first line of defense
Architect Cloud Infrastructure Security: Harden our AWS infrastructure using security best practices, implement infrastructure-as-code security controls with Terraform, and ensure our cloud environment is secure by design
Drive Compliance Readiness: Lead the preparation for SOC2, ISO27001, and other compliance frameworks, building the documentation, controls, and evidence collection systems that support enterprise sales
Establish Security Policies: Create pragmatic security policies and procedures that enable the team to move quickly while maintaining strong security standards, avoiding security theater in favor of practical controls
Automate Security Operations: Build security automation and tooling using code and scripts, leveraging AI-assisted development to accelerate implementation while maintaining high quality
Manage Vendor Security: Conduct security assessments of third-party vendors and tools, ensuring our supply chain security aligns with enterprise standards
Enable Incident Response: Develop incident response plans and runbooks, establishing clear processes for detecting, responding to, and recovering from security incidents
Partner with Engineering Teams: Work closely with engineering to embed security into development workflows, providing guidance and tooling that makes secure development the default path
Proven Security Engineering Experience: 5+ years building and implementing security infrastructure, with hands-on experience in cloud security, security tooling, and establishing security programs at fast-growing companies
AWS Security Expertise: Deep knowledge of AWS security services and best practices, with experience securing cloud infrastructure, implementing IAM policies, and leveraging AWS-native security tools
Infrastructure as Code Proficiency: Strong experience with Terraform for managing security controls programmatically, with ability to build and maintain secure, scalable infrastructure through code
Security Tooling Implementation: Hands-on experience implementing and managing security monitoring, SIEM platforms, vulnerability scanning, and security automation tools
Coding and Scripting Skills: Proficiency in Python, Bash, or similar languages for building security automation, custom tooling, and integrating security into development workflows
Compliance and GRC Knowledge: Practical experience with security frameworks like SOC2, ISO27001, or similar, with ability to translate compliance requirements into technical controls
Pragmatic Security Mindset: Track record of balancing security rigor with business velocity, implementing practical security controls that enable rather than block engineering teams
Self-Directed Execution: Ability to operate autonomously as a solo security engineer, prioritizing work effectively and building security infrastructure without extensive oversight
Nice to haves:
Experience building security programs at early-stage startups (seed through Series B)
Background in DevOps or SRE with transition to security engineering
Familiarity with container security (Docker, Kubernetes)
Experience with security automation frameworks and AI-assisted security workflows
Track record of building vs buying security tools based on startup constraints
Previous experience in cybersecurity product companies
Build Security from Zero: Own the entire internal security function from day one, establishing the security architecture, tooling, and practices that will scale Maze through hypergrowth with complete autonomy over your domain
AI-Native Security Approach: Leverage cutting-edge AI tools to build security infrastructure faster and smarter, pioneering new approaches to security automation and monitoring in an AI-first environment
Expert Team Partnership: Work alongside a CTO and engineering team with deep experience in both AI and cybersecurity, providing strong technical partnership while giving you ownership of the security domain
Enable Critical Innovation: Your security infrastructure will directly enable breakthrough AI-powered cybersecurity solutions that protect organizations worldwide, making security an enabler of innovation rather than a blocker
Career Growth Flexibility: Clear path to grow into security leadership or remain as a senior IC contributor based on your interests and aspirations, with significant equity upside and mentorship from experienced operators