Security Engineer
Profound is the marketing platform for the AI era. As people increasingly turn to ChatGPT, Perplexity, and Gemini to decide what to buy, we give brands the intelligence to see how AI represents them and the Agents to act on it. Today, ~13% of the Fortune 500, plus companies like Ramp, Figma, Chime, Calendly, and DocuSign, use Profound to turn AI Search from a black box into a measurable growth channel.
Backed by Lightspeed, Sequoia, Kleiner Perkins, and Khosla Ventures at a $1B valuation, we're a lean, fast-moving team across NYC, SF, Buenos Aires, and London, shipping at a relentless pace and defining a new category at the biggest shift in marketing in 25 years. If you want to do the best work of your career at the frontier of AI, come build it with us.
As enterprises integrate AI into critical workflows, they need to trust that the platforms they rely on are secure, compliant, and resilient. That's where you come in.
We're hiring a Security Engineer to own Profound's security posture across our platform, infrastructure, and corporate environment. You'll be the first dedicated security hire, which means you'll shape how we approach access control, vulnerability management, compliance, and incident response from the ground up. You'll partner closely with our Engineering and Infrastructure teams to build practical, scalable security systems that protect customer data and enable rapid growth.
This role is ideal for someone who sees security as a business accelerator, not a blocker, and who thrives on building rather than auditing.
What you'll do
In your first 90 days, you'll focus on our most pressing priorities: partnering with our Infrastructure team to harden our AWS environment, driving SOC 2 Type II continuous compliance (defining controls and closing gaps), and integrating security scanning into our CI/CD pipelines.
Over time, you'll take on broader responsibility across our security posture:
Enforce least-privilege access controls and conduct regular access reviews across environments
Build and run a vulnerability management program spanning infrastructure, applications, and dependencies
Triage and respond to security findings from automated tooling, bug bounty programs, and third-party assessments
Partner with Infrastructure to implement detection and monitoring capabilities using log aggregation and SIEM tooling
Conduct risk assessments, maintain a risk register, and drive prioritization decisions
Build security policies and procedures that reflect how we actually operate
Lead post-incident reviews and drive systemic improvements
Must have
5+ years in security engineering, with experience in high-growth SaaS or infrastructure-heavy environments
Hands-on experience building or maintaining a SOC 2 compliance program
Strong knowledge of AWS security services and cloud security architecture (IAM, VPC, CloudTrail, GuardDuty, Security Hub)
Deep understanding of identity and authentication protocols (OAuth, SAML, OIDC)
Practical scripting skills in Python or Bash for automating security workflows
Strong plus
Experience integrating vulnerability management and security scanning (SAST, DAST, SCA, container scanning) into CI/CD workflows
Familiarity with network security fundamentals (firewalls, DNS, VPNs, segmentation, traffic analysis)
Experience with infrastructure-as-code security (Terraform, CloudFormation)
Background in penetration testing, application security assessments, or CTF competitions
Familiarity with data infrastructure security for systems like ClickHouse or PostgreSQL
Experience with data processing compliance in analytics-heavy environments
Relevant certifications (CISSP, CCSP, AWS Security Specialty, or similar)
Who you are
Clear communicator who can translate security risks into business terms for engineering, leadership, and customer-facing teams
Systems thinker who reasons about root causes, blast radius, and scalable control design
Self-directed with strong judgment and comfort operating with significant autonomy
Motivated by building the security foundation for a category-defining AI company
Compensation
For this role, the expected base salary range is $200,000 to $250,000 (NYC). Profound's total compensation package includes base salary, equity, and a full range of benefits and perks. Final compensation depends on skills, experience, qualifications, and location, and will be determined during the interview process. Our recruiting team will share more details about the full package as you move through hiring.
#LI-PRO
Note: All official communication from Profound will come from a @tryprofound.com email address. If you're contacted by anyone using a different domain, please disregard and report it as spam.
