Security Engineer

About Clay

Our mission is to help organizations turn any growth idea into reality.

We see growth as a creative practice, not a formula. Finding and reaching your best-fit customers takes unique ideas and constant iteration. As AI makes execution faster and tactics easier to copy, creativity is the only lasting advantage. We're already helping thousands of customers — including Anthropic, Notion, Google, and Ramp — go to market with unique data, signals, and AI research.

In 2025, we raised a $100M Series C backed by world-class investors including Sequoia, CapitalG, and First Round — and crossed $100M in revenue.

In 2026, we announced our second employee tender offer in 9 months at a new $5B valuation. We also launched a community equity round, for our customers, agency partners, and club members.

Some things to know about us:

• Our community includes 11,000+ customers, 150+ integration partners, 125+ agencies, 50+ Clay clubs, and 30k members on Slack.

• Our cultureis unique inside and outside of work. Our team members are also DJs, activists, writers, clowns, marathoners, skydivers, psychedelic therapists, social workers, and more.

• All employees can work for free with world-class coaches who specialize in creativity, management, and more.

• Our operating principles — including negative maintenance and non-attached action — guide our work. Read more about them here.

• Read about us in the NYT, Forbes, First Round Review, and more.

Hear from our employees directly on our Glassdoor page!

Security Engineering @ Clay

We're building a modern security organization from the ground up. We're hiring senior or staff-level security engineers who are strong software engineers first, with deep expertise in either Cloud Security or Application Security and working knowledge across both.

This is a hands-on role. You'll spend significant time writing production code—security tooling, detection systems, remediation pipelines, and frameworks that make secure defaults the easiest path. You'll also help define how we leverage modern automation, including frontier AI models (e.g. Mythos), to scale security operations: autonomously discovering vulnerabilities, reviewing AI-generated code, and building detection systems that understand context and intent.

What You'll Do

• Build security primitives, tooling, and automation that scale with the product and engineering org

• Define and implement our strategy for modern security workflows: AI-assisted vulnerability discovery, automated code review, threat detection, and remediation

• Collaborate with Infrastructure and Product Engineering to make secure defaults the easiest path

• Own projects end to end: design, implementation, rollout, and measurement

Cloud Security

• Secure our cloud environment (IAM, network policies, container security, secrets management, and misconfiguration prevention).

• Define and enforce least-privilege access patterns across services and humans.

• Improve cloud visibility and control using infrastructure-as-code and cloud security tooling (we currently use Terraform, AWS Config, and AWS Security Hub).

• Develop preventative controls and safe deployment patterns that reduce the probability and blast radius of incidents.

Application Security

• Lead secure design and secure coding practices, and prevent common vulnerability classes.

• Perform architecture reviews and code-level security reviews, and work hands-on with engineers to ship fixes.

• Own the vulnerability discovery and validation lifecycle: static and dynamic analysis, dependency checks, pen tests, and bug bounties. Integrate modern automated detection systems (including Claude Mythos-class models) to find vulnerabilities at scale.

• Build and deploy security agents and automated workflows that can scan codebases, propose fixes, and in some cases autonomously deploy security patches.

• Build frameworks and reusable components for authentication, authorization, and secure-by-default patterns.

• Define practical policies and controls for code generation tools and coding agent changes, so they can be used safely and consistently.

What You'll Bring

• Strong software engineering fundamentals and a track record of shipping production systems

• Deep expertise in either cloud security or application security, with the ability to flex into the adjacent domain

• Ability to build, not just advise: You translate risk into concrete engineering work and ship solutions

• Comfort with ambiguity: You thrive when building from first principles and defining what good looks like

• Forward-thinking about tooling: Interest in leveraging modern automation and AI to scale security operations while maintaining engineering rigor

Out of Scope

This is not an IT helpdesk or general operations role. We partner with other teams and vendors for routine operational work so you can stay focused on building scalable security foundations.