Security Engineering Lead

Outset invented a better way to do research: AI-powered user interviews.

Global brands like Hubspot, Microsoft, Uber and Nestle use Outset to achieve deeper, qualitative insights about their users at unprecedented speed and scale.

The research industry is massive (>$140B and growing) and ripe for disruption. Incumbents are outdated, slow, and burdened by high-cost services. That's our opportunity.

Outset is backed by top Silicon Valley investors and raised a $30M Series B in December 2025—less than six months after our Series A—led by Radical Ventures with participation from M12 (Microsoft’s venture arm), 8VC, Y Combinator, and Adverb Ventures.

The raise follows a breakout year, with our business growing 8x as enterprise customers across industries adopt our category, AI‑moderated research, as the new standard for understanding people.

We’re a tight-knit team based in San Francisco’s Financial District, serving some of the world’s largest enterprises

We’re looking for a Security Engineering Lead who can operate across the full security stack—owning policy, governance, and compliance while also rolling up their sleeves on hands-on technical work. You’ll be the primary owner of Outset’s security program: setting the policy framework, responding to customer security requirements, managing our vulnerability posture, and partnering closely with engineering to keep our product and infrastructure secure. This is a high-ownership, high-impact role for someone who thrives at the intersection of policy rigor and technical depth.

Responsibilities

• Own, develop, and maintain the company security policy framework, ensuring policies are current, practical, and aligned with compliance requirements (SOC 2, ISO 27001, etc.).

• Develop and maintain security playbooks, incident response procedures, and standard operating procedures across all security domains.

• Own Outset’s internal IT security program—including assessment, administration, and implementation of controls across corporate systems, endpoints, and SaaS tooling.

• Own the customer security questionnaire process: review, respond to, and track all inbound security assessments from prospects and customers.

• Assess and triage reported security vulnerabilities, prioritizing based on risk and directly implementing fixes across production software and infrastructure using hands-on (AI-assisted) coding skills.

• Lead investigations into security alerts and incidents; own the end-to-end response and post-incident review process.

• Design and implement security controls across cloud infrastructure (AWS), corporate systems, and endpoints.

• Conduct internal security reviews and threat modeling for new and existing products and features.

• Partner with engineering to embed secure development practices into CI/CD workflows and the SDLC.

• Manage the penetration testing program—scoping engagements, coordinating external vendors, and driving remediation of findings.

• Build and maintain detection and response pipelines for cloud and application environments; manage SIEM tooling and log analytics.

• Support SOC 2 and other compliance initiatives through technical controls, policy documentation, and audit evidence collection.

• Manage third-party risk assessments and vendor security reviews.

Qualifications

• 6+ years of experience in security engineering, DevSecOps, information security, or a related role.

• Demonstrated experience authoring and maintaining security policies, standards, and playbooks.

• Hands-on familiarity with cloud environments (AWS) and modern SaaS tooling stacks.

• Strong understanding of identity management, endpoint protection, and network security fundamentals.

• Proficiency in scripting or automation (Python, Go, or similar); comfort using AI-assisted coding tools for production changes.

• Experience managing customer-facing security questionnaires and security review processes.

• Experience running or coordinating penetration testing engagements with external vendors.

• Experience with SIEM, detection engineering, or log analytics platforms.

• Exposure to compliance frameworks (SOC 2, ISO 27001) and the technical controls that underpin them.

• Excellent communication skills—able to translate complex security concepts for non-technical stakeholders.

• Startup experience or demonstrated comfort operating in fast-moving, ambiguous environments.

• Familiarity with securing AI/ML pipelines, data infrastructure, or internal developer tooling is a plus.

Benefits

• Daily collaboration with founders, shaping the core product vision.

• Exposure to and collaboration with design and research leaders at top global brands.

• Competitive cash and equity compensation. Actual compensation packages are based on various factors unique to each candidate, including skill set, depth of experience, and certifications.

Outset is an equal opportunity employer. We celebrate diversity and are committed to creating an inclusive environment for all employees, free from discrimination based on race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, disability, or any other protected class.