Summary of the Role:
As Security Engineer (Internal) at Maze, you'll be the founding member of our internal security function, building our security infrastructure, tooling, and compliance program from the ground up. This is a unique opportunity to join as one of the early team members of a well-funded startup building at the intersection of generative AI and cybersecurity, where you'll establish the security foundation that enables our hypergrowth.
You'll take full ownership of security tooling and monitoring, cloud infrastructure security, compliance preparation, and establishing security policies that scale with the business. Your success will be measured by the robustness of our security posture, readiness for enterprise customer requirements, and your ability to enable the engineering team to move fast without compromising security. This role is perfect for a hands-on security engineer who has built security programs at startups, thinks pragmatically about balancing security and velocity, and wants to architect security infrastructure using modern tools and AI-assisted workflows.
Your Contributions to Our Journey:
Build Security Tooling and Monitoring: Design and implement comprehensive security monitoring, logging, and alerting systems that provide visibility into our infrastructure and applications, serving as our first line of defense
Architect Cloud Infrastructure Security: Harden our AWS infrastructure using security best practices, implement infrastructure-as-code security controls with Terraform, and ensure our cloud environment is secure by design
Drive Compliance Readiness: Lead the preparation for SOC2, ISO27001, and other compliance frameworks, building the documentation, controls, and evidence collection systems that support enterprise sales
Establish Security Policies: Create pragmatic security policies and procedures that enable the team to move quickly while maintaining strong security standards, avoiding security theater in favor of practical controls
Automate Security Operations: Build security automation and tooling using code and scripts, leveraging AI-assisted development to accelerate implementation while maintaining high quality
Manage Vendor Security: Conduct security assessments of third-party vendors and tools, ensuring our supply chain security aligns with enterprise standards
Enable Incident Response: Develop incident response plans and runbooks, establishing clear processes for detecting, responding to, and recovering from security incidents
Partner with Engineering Teams: Work closely with engineering to embed security into development workflows, providing guidance and tooling that makes secure development the default path
Proven Security Engineering Experience: 5+ years building and implementing security infrastructure, with hands-on experience in cloud security, security tooling, and establishing security programs at fast-growing companies
AWS Security Expertise: Deep knowledge of AWS security services and best practices, with experience securing cloud infrastructure, implementing IAM policies, and leveraging AWS-native security tools
Infrastructure as Code Proficiency: Strong experience with Terraform for managing security controls programmatically, with ability to build and maintain secure, scalable infrastructure through code
Security Tooling Implementation: Hands-on experience implementing and managing security monitoring, SIEM platforms, vulnerability scanning, and security automation tools
Coding and Scripting Skills: Proficiency in Python, Bash, or similar languages for building security automation, custom tooling, and integrating security into development workflows
Compliance and GRC Knowledge: Practical experience with security frameworks like SOC2, ISO27001, or similar, with ability to translate compliance requirements into technical controls
Pragmatic Security Mindset: Track record of balancing security rigor with business velocity, implementing practical security controls that enable rather than block engineering teams
Self-Directed Execution: Ability to operate autonomously as a solo security engineer, prioritizing work effectively and building security infrastructure without extensive oversight
Nice to haves:
Experience building security programs at early-stage startups (seed through Series B)
Background in DevOps or SRE with transition to security engineering
Familiarity with container security (Docker, Kubernetes)
Experience with security automation frameworks and AI-assisted security workflows
Track record of building vs buying security tools based on startup constraints
Previous experience in cybersecurity product companies
Build Security from Zero: Own the entire internal security function from day one, establishing the security architecture, tooling, and practices that will scale Maze through hypergrowth with complete autonomy over your domain
AI-Native Security Approach: Leverage cutting-edge AI tools to build security infrastructure faster and smarter, pioneering new approaches to security automation and monitoring in an AI-first environment
Expert Team Partnership: Work alongside a CTO and engineering team with deep experience in both AI and cybersecurity, providing strong technical partnership while giving you ownership of the security domain
Enable Critical Innovation: Your security infrastructure will directly enable breakthrough AI-powered cybersecurity solutions that protect organizations worldwide, making security an enabler of innovation rather than a blocker
Career Growth Flexibility: Clear path to grow into security leadership or remain a senior individual contributor based on your interests and aspirations, with significant equity upside and mentorship from experienced operators

