Security Engineer

About the company

Joist AI is a technology company revolutionizing the way professionals in the architecture, engineering, and construction (AEC) industry manage marketing and revenue operations. Our AI-powered software streamlines workflows, making it easier for teams to collaborate, innovate, and succeed.

About the role

We are looking for a Security Engineer to embed robust security practices into the very fabric of our AI-powered platform. Your goal is to eliminate risk without slowing down our engineering teams by championing a "Security by Design" culture. You won't just run scans and mandate fixes; you will partner with our product and platform teams to build automated security guardrails, secure our cloud infrastructure, and protect our cutting-edge LLM workloads, ensuring our customers' most sensitive data remains safe with zero "friction."

What you’ll do

• Shift-Left Security: Integrate automated security scanning (SAST, DAST, SCA) directly into our CI/CD pipelines to catch vulnerabilities early in the development lifecycle.

• Cloud Infrastructure Defense: Design and enforce security policies across our primary cloud environment, securing virtual networks, access controls, and cloud-native services using infrastructure-as-code (IaC) principles.

• AI/ML Security Governance: Pioneer security strategies for our LLM and machine learning workloads, protecting against emerging threats like prompt injection, data poisoning, and model exfiltration.

• Threat Detection & Incident Response: Build and monitor security observability tools, defining alerting thresholds and leading the response to potential security events or anomalies.

• Cross-Functional Partnership: Act as an embedded security consultant to our engineering and product teams, conducting threat modeling and architecture reviews while acting as an enabler rather than a blocker.

• Compliance & Trust: Drive and maintain compliance initiatives relevant to our enterprise AEC clients, ensuring we uphold the highest industry standards of data privacy.

What You’ll Bring

• 4–6 years of experience in Security Engineering, Application Security, or DevSecOps, with a clear focus on cloud-native SaaS environments.

• Cloud Security Mastery: Deep expertise in securing large-scale public cloud environments and a strong understanding of cloud networking, threat detection, data encryption, and identity management.

• Automation Mindset: Proficient in modern scripting languages and experience automating security tasks—you approach security engineering with the same rigor as product software.

• Modern AppSec: Hands-on experience with modern security tooling (e.g., automated dependency and vulnerability scanners) and a thorough understanding of common web and API vulnerabilities (OWASP Top 10).

• Strategic Thinker: You can identify systemic security "blind spots" and design automated, paved-road solutions to solve them permanently rather than playing whack-a-mole with vulnerabilities.

Experience we’d be particularly excited about

• LLM/AI Security Experience: Proven track record of securing Generative AI applications and navigating the unique, evolving threat landscape of large language models.

• Compliance Leadership: Experience successfully guiding technology startups through major compliance audits and framework adoptions (e.g., SOC 2 Type II, ISO 27001).

• Platform Collaboration: Experience working closely with Platform/DevOps teams to embed security seamlessly into internal developer tools and portals.

• Attributes: Exceptional attention to detail, strong analytical and problem-solving skills, and excellent written and verbal communication.

• Education: Bachelor's degree in Computer Science, Cybersecurity, Engineering, or a related field (or equivalent practical experience).

Experience we’d be particularly excited about

• You love experimenting with new security methodologies and offensive testing techniques.

• You have experience or interest in machine learning and AI risk management.

• You have an understanding of the unique data security and privacy concerns within the AEC (Architecture, Engineering, and Construction) or B2B SaaS industries.

What to expect

We conduct a rigorous interview process based on integrity, talent, and drive. We trust our teammates from day one and move quickly to evaluate whether you are fit for the role. The entire interview process typically takes two weeks. Here's what to expect:

• A 30 minute Zoom meeting to talk about Joist AI, your background, and answer any questions about the role.

• A 30 minute Zoom meeting with another one of our team members to hear more about your experience and how you'd approach working in the role.

• A take home project to assess your functional expertise for the role you're applying for.

• A 60 minute Zoom call to review your project and answer any outstanding questions.