Security Engineer

Profound is the marketing platform for the AI era. As people increasingly turn to ChatGPT, Perplexity, and Gemini to decide what to buy, we give brands the intelligence to see how AI represents them and the Agents to act on it. Today, ~13% of the Fortune 500, plus companies like Ramp, Figma, Chime, Calendly, and DocuSign, use Profound to turn AI Search from a black box into a measurable growth channel.

Backed by Lightspeed, Sequoia, Kleiner Perkins, and Khosla Ventures at a $1B valuation, we're a lean, fast-moving team across NYC, SF, Buenos Aires, and London, shipping at a relentless pace and defining a new category at the biggest shift in marketing in 25 years. If you want to do the best work of your career at the frontier of AI, come build it with us.

As enterprises integrate AI into critical workflows, they need to trust that the platforms they rely on are secure, compliant, and resilient. That's where you come in.

We're hiring a Security Engineer to own Profound's security posture across our platform, infrastructure, and corporate environment. You'll be the first dedicated security hire, which means you'll shape how we approach access control, vulnerability management, compliance, and incident response from the ground up. You'll partner closely with our Engineering and Infrastructure teams to build practical, scalable security systems that protect customer data and enable rapid growth.

This role is ideal for someone who sees security as a business accelerator, not a blocker, and who thrives on building rather than auditing.

What you'll do

In your first 90 days, you'll focus on our most pressing priorities: partnering with our Infrastructure team to harden our AWS environment, driving SOC 2 Type II continuous compliance (defining controls and closing gaps), and integrating security scanning into our CI/CD pipelines.

Over time, you'll take on broader responsibility across our security posture:

• Enforce least-privilege access controls and conduct regular access reviews across environments

• Build and run a vulnerability management program spanning infrastructure, applications, and dependencies

• Triage and respond to security findings from automated tooling, bug bounty programs, and third-party assessments

• Partner with Infrastructure to implement detection and monitoring capabilities using log aggregation and SIEM tooling

• Conduct risk assessments, maintain a risk register, and drive prioritization decisions

• Build security policies and procedures that reflect how we actually operate

• Lead post-incident reviews and drive systemic improvements

Must have

• 5+ years in security engineering, with experience in high-growth SaaS or infrastructure-heavy environments

• Hands-on experience building or maintaining a SOC 2 compliance program

• Strong knowledge of AWS security services and cloud security architecture (IAM, VPC, CloudTrail, GuardDuty, Security Hub)

• Deep understanding of identity and authentication protocols (OAuth, SAML, OIDC)

• Practical scripting skills in Python or Bash for automating security workflows

Strong plus

• Experience integrating vulnerability management and security scanning (SAST, DAST, SCA, container scanning) into CI/CD workflows

• Familiarity with network security fundamentals (firewalls, DNS, VPNs, segmentation, traffic analysis)

• Experience with infrastructure-as-code security (Terraform, CloudFormation)

• Background in penetration testing, application security assessments, or CTF competitions

• Familiarity with data infrastructure security for systems like ClickHouse or PostgreSQL

• Experience with data processing compliance in analytics-heavy environments

• Relevant certifications (CISSP, CCSP, AWS Security Specialty, or similar)

Who you are

• Clear communicator who can translate security risks into business terms for engineering, leadership, and customer-facing teams

• Systems thinker who reasons about root causes, blast radius, and scalable control design

• Self-directed with strong judgment and comfort operating with significant autonomy

• Motivated by building the security foundation for a category-defining AI company

Compensation

For this role, the expected base salary range is $200,000 to $250,000 (NYC). Profound's total compensation package includes base salary, equity, and a full range of benefits and perks. Final compensation depends on skills, experience, qualifications, and location, and will be determined during the interview process. Our recruiting team will share more details about the full package as you move through hiring.

#LI-PRO

Note: All official communication from Profound will come from a @tryprofound.com email address. If you're contacted by anyone using a different domain, please disregard and report it as spam.