Why This Job is Featured on The SaaS Jobs
Security engineering roles in SaaS increasingly sit at the intersection of customer trust and platform reliability, and this listing reflects that reality. The remit spans compliance operations, vulnerability management, and detection work, signalling a product company where security outcomes are closely tied to winning and retaining customers. The emphasis on day-to-day execution in real tools, rather than strategy, is typical of SaaS teams building repeatable security programmes alongside ongoing product delivery.
For a SaaS career, this kind of scope builds durable fundamentals. Hands-on exposure to audit cycles, GRC hygiene, and risk registers develops an understanding of how SaaS companies operationalise security at scale. Pairing that with SIEM triage, detection tuning, and remediation tracking offers a practical view of how security work flows through engineering systems and back into measurable risk reduction, which transfers well across cloud-native SaaS environments.
This role suits a mid level practitioner who prefers ownership of detailed workstreams and can switch contexts without losing accuracy. It will appeal to someone who enjoys translating noisy signals into clear recommendations, and who values close collaboration with a platform security lead while still operating independently across compliance and operations.
The section above is editorial commentary from The SaaS Jobs, provided to help SaaS professionals understand the role in a broader industry context.
Job Description
We're looking for a mid-level security engineer to join our small security team and work directly alongside our Head of Platform Security. This is a hands-on, execution-focused role. You'll contribute across the full security programme — compliance evidence, vulnerability management, and detection operations — doing real work in the tools every day.
This is not a strategy role. You'll be supporting and executing within a programme that's already defined. What we need is someone technically capable, detail-oriented, and comfortable operating across multiple domains without losing the thread on any of them.
What you'll be doing
Compliance
- Collect and maintain compliance evidence in our GRC tooling, keeping controls current and audit-ready
- Identify and flag control gaps before they surface as audit findings
- Support evidence requests across active compliance programmes and assist with auditor liaison as needed
- Maintain accurate, current entries in the risk register
- Manage and maintain our GRC platform
- Create and maintain our security policies
Platform Security
- Assist with building out platform security processes
- Triage vulnerability findings from our internal tooling
- Create and track remediation tickets in Linear
- Follow up with engineering to drive findings to closure
- Complete security questionnaires from potential customers
Operational Security
- Monitor and triage alerts from our SIEM; escalate genuine incidents with context and a recommended action, not just raw alerts
- Tune detection rules to reduce noise and improve signal quality
- Support incident response activities as they arise
- Implement security controls
General programme support
- Support access reviews and identity governance hygiene
- Contribute to security documentation — policies, runbooks, and playbook updates
- Pick up ad hoc security programme tasks as directed by the Head of Platform Security
Required
- 3–5 years in a security engineering, SecOps, or compliance engineering role
- Direct, hands-on experience with a compliance audit cycle — evidence collection, control testing, not just awareness
- Experience with SIEM tooling and alert triage — Wazuh, Splunk, Datadog Security, or equivalent
- Exposure working in AWS environments
- Strong written communication — able to produce a clear, concise risk summary without extensive direction
- Able to work independently across multiple workstreams without losing detail
Valued
- Experience across multiple compliance frameworks (SOC 2, ISO 27001, HIPAA, etc.)
- Relevant certifications (CISSP, CISM, Security+, OSCP)
Who you are
- You treat compliance as an operational discipline, not a documentation exercise
- You can hold context across compliance, detection, and vuln management in the same week — and deliver on all of them
- You escalate with context: not just 'here's an alert' but 'here's what it means and what I recommend we do'
- You ask good questions and raise concerns early, rather than quietly working around them
- You're comfortable in a lean team where scope is broad and not everything is handed to you on a plate