Security Engineer (Internal)
Summary of the Role:
As Security Engineer (Internal) at Maze, you'll own how we secure ourselves — our cloud, our applications, and the way our engineers build. This is a unique opportunity to join a well-funded Series A startup building at the intersection of generative AI and cybersecurity, establishing the internal security foundation that lets a three-product company keep moving fast as it scales.
You'll take hands-on ownership of cloud infrastructure security, application security, security tooling, and the compliance work that unlocks enterprise deals. We're deliberately looking for a strong generalist rather than a narrow specialist: someone who can harden our AWS environment and identity model, get into the weeds on application security, and run a pragmatic compliance program — and who knows when a control is worth the friction and when it isn't. Your success will be measured by the robustness of our security posture, our readiness for enterprise customer requirements, and your ability to make secure the default path for engineering rather than a blocker.
This role is perfect for a pragmatic, broad security engineer who has built and run security at a startup, thrives with autonomy, and wants to own a domain end-to-end. You'll be our founding internal security hire — but not a lone wolf for long: this is the first role in a function we expect to grow, and as we scale we'll add to the team and bring in dedicated security leadership. You'll set the foundations the rest of that team is built on, and have a clear runway to grow alongside it.
Your Contributions to Our Journey:
Harden Our Cloud Infrastructure: Secure our AWS environment by design — identity and access management, hardening, network and infrastructure-as-code controls (Terraform) — closing real risk rather than chasing checkboxes
Own Application Security: Embed application security into how we build, from secure-by-default patterns and code review guidance to triaging and driving down vulnerabilities across our own products and services
Build Security Tooling and Monitoring: Stand up the monitoring, logging, and alerting that gives us visibility across infrastructure and applications, and serve as our first line of defence
Run Compliance Pragmatically: Lead readiness for SOC 2, ISO 27001, and similar frameworks — building the controls, documentation, and evidence that support enterprise sales without drowning the team in process
Establish Security Policies That Enable: Create practical security policies and procedures that keep standards high while letting the team move quickly — no security theatre
Automate Security Operations: Build security automation and tooling in code, using AI-assisted workflows to ship faster while keeping quality high
Manage Vendor and Supply-Chain Security: Assess third-party vendors and tools so our supply chain meets enterprise expectations
Enable Incident Response: Develop incident response plans and runbooks, and establish clear processes for detecting, responding to, and recovering from security incidents
What You Need to Be Successful:
Broad, Hands-On Security Engineering: 5+ years building and running security, with genuine breadth across cloud security and application security rather than depth in only one — comfortable being the person who covers the whole surface area
AWS Security Expertise: Deep, hands-on knowledge of AWS security — IAM, hardening, and AWS-native security tooling — with the judgement to prioritise what matters
Application Security Capability: Real experience finding and fixing application-layer vulnerabilities, and embedding secure development practices into engineering workflows
Infrastructure as Code Proficiency: Strong experience managing security controls programmatically with Terraform, building secure, scalable infrastructure through code
Coding and Scripting Skills: Proficiency in Python, Bash, or similar for security automation, custom tooling, and integrating security into development workflows
Compliance and GRC Know-How: Practical experience translating SOC 2, ISO 27001, or similar requirements into technical controls — without letting process become the product
Pragmatic Security Mindset: A track record of balancing security rigour with business velocity, implementing controls that enable engineering rather than block it
Startup Self-Direction: Proven ability to operate autonomously as an early security hire, prioritise ruthlessly, and build without extensive oversight — and to thrive in the ambiguity of an early-stage company
Foundation-Setter: Mindset to build security in a way others can build on as the team grows — clear documentation, repeatable processes, and standards a future team and security leadership inherit cleanly
Nice to haves:
Experience building security programs at early-stage startups (seed through Series B)
Background in DevOps or SRE that grew into security engineering
Familiarity with container security (Docker, Kubernetes)
Experience at a cybersecurity product company
A bias toward building vs buying security tooling under startup constraints
AI-assisted security workflow experience
Why Join Us:
Ambitious Challenge: We're building at the intersection of generative AI (LLMs and agents) and cybersecurity — and you'll secure the company doing it, across cloud and application security.
Build Security from Zero: Own the internal security function from day one, establishing the architecture, tooling, and practices that scale Maze through hypergrowth — then help grow the team and function around you as we scale.
Expert Team: Work alongside a CTO and engineering team with deep experience in AI and cybersecurity — hands-on leaders who have been part of multiple acquisitions and an IPO — giving you strong technical partnership while you own security.
Impactful Work: Cybersecurity is a force for good. Your work directly enables AI-powered security solutions that protect organisations worldwide — making security an enabler of innovation, not a blocker.
Build an AI-native Company: Join early enough to design everything from the ground up, with significant equity upside and a clear path to grow as our security organisation matures.