Security Engineer

crewAI • United States • 13h ago

We're looking for a mid-level security engineer to join our small security team and work directly alongside our Head of Platform Security. This is a hands-on, execution-focused role. You'll contribute across the full security programme — compliance evidence, vulnerability management, and detection operations — doing real work in the tools every day.

This is not a strategy role. You'll be supporting and executing within a programme that's already defined. What we need is someone technically capable, detail-oriented, and comfortable operating across multiple domains without losing the thread on any of them.

What you'll be doing

Compliance

Collect and maintain compliance evidence in our GRC tooling, keeping controls current and audit-ready
Identify and flag control gaps before they surface as audit findings
Support evidence requests across active compliance programmes and assist with auditor liaison as needed
Maintain accurate, current entries in the risk register
Management and upkeep of our GRC platform
Create and maintain our Security policies

Platform Security

Assist with building out platform security processes
Triage vulnerability findings from our internal tooling,
Create and track remediation tickets in Linear
Follow up with engineering to drive findings to closure
Complete Security questionnaires from potential customers

Operational Security

Monitor and triage alerts from our SIEM; escalate genuine incidents with context and a recommended action, not just raw alerts
Tune detection rules to reduce noise and improve signal quality
Support incident response activities as they arise
Implement Security controls

General programme support

Support access reviews and identity governance hygiene
Contribute to security documentation — policies, runbooks, and playbook updates
Pick up ad hoc security programme tasks as directed by the Head of Platform Security

Required

3–5 years in a security engineering, SecOps, or compliance engineering role
Direct, hands-on experience with a compliance audit cycle — evidence collection, control testing, not just awareness
Experience with SIEM tooling and alert triage — Wazuh, Splunk, Datadog Security, or equivalent
Exposure working in AWS environments
Strong written communication — able to produce a clear, concise risk summary without extensive direction
Able to work independently across multiple workstreams without losing detail

Valued

Experience across multiple compliance frameworks (SOC 2, ISO 27001, HIPAA, etc)
Relevant certifications (CISSP, CISM, Security+, OSCP)

Who you are

You treat compliance as an operational discipline, not a documentation exercise
You can hold context across compliance, detection, and vuln management in the same week — and deliver on all of them
You escalate with context: not just 'here's an alert' but 'here's what it means and what I recommend we do'
You ask good questions and raise concerns early, rather than quietly working around them
You're comfortable in a lean team where scope is broad and not everything is handed to you on a plate