Security Engineer (Internal)

As Security Engineer (Internal) at Maze, you'll own how we secure ourselves — our cloud, our applications, and the way our engineers build. This is a unique opportunity to join a well‑funded Series A startup building at the intersection of generative AI and cybersecurity, establishing the internal security foundation that lets a three‑product company keep moving fast as it scales.

You'll take hands‑on ownership of cloud infrastructure security, application security, security tooling, and the compliance work that unlocks enterprise deals. We're deliberately looking for a strong generalist rather than a narrow specialist: someone who can harden our AWS environment and identity model, get into the weeds on application security, and run a pragmatic compliance program — and who knows when a control is worth the friction and when it isn’t.

Your success will be measured by the robustness of our security posture, our readiness for enterprise customer requirements, and your ability to make secure the default path for engineering rather than a blocker. This role is perfect for a pragmatic, broad security engineer who has built and run security at a startup, thrives with autonomy, and wants to own a domain end‑to‑end.

You'll be our founding internal security hire — but not a lone wolf for long: this is the first role in a function we expect to grow, and as we scale we'll add to the team and bring in dedicated security leadership. You'll set the foundations the rest of that team is built on, and have a clear runway to grow alongside it.

Your Contributions to Our Journey:

• Harden Our Cloud Infrastructure: Secure our AWS environment by design — identity and access management, hardening, network and infrastructure‑as‑code controls (Terraform) — closing real risk rather than chasing checkboxes.
• Own Application Security: Embed application security into how we build, from secure‑by‑default patterns and code review guidance to triaging and driving down vulnerabilities across our own products and services.
• Build Security Tooling and Monitoring: Stand up the monitoring, logging, and alerting that gives us visibility across infrastructure and applications, and serve as our first line of defence.
• Run Compliance Pragmatically: Lead readiness for SOC2, ISO27001, and similar frameworks — building the controls, documentation, and evidence that support enterprise sales without drowning the team in process.
• Establish Security Policies That Enable: Create practical security policies and procedures that keep standards high while letting the team move quickly — no security theatre.
• Automate Security Operations: Build security automation and tooling in code, using AI‑assisted workflows to ship faster while keeping quality high.
• Manage Vendor and Supply‑Chain Security: Assess third‑party vendors and tools so our supply chain meets enterprise expectations.
• Enable Incident Response: Develop incident response plans and runbooks, and establish clear processes for detecting, responding to, and recovering from security incidents.

What You Need to Be Successful:

• Broad, Hands‑On Security Engineering: 5+ years building and running security, with genuine breadth across cloud security and application security rather than depth in only one — comfortable being the person who covers the whole surface area.
• AWS Security Expertise: Deep, hands‑on knowledge of AWS security — IAM, hardening, and AWS‑native security tooling — with the judgement to prioritise what matters.
• Application Security Capability: Real experience finding and fixing application‑layer vulnerabilities, and embedding secure development practices into engineering workflows.
• Infrastructure as Code Proficiency: Strong experience managing security controls programmatically with Terraform, building secure, scalable infrastructure through code.
• Coding and Scripting Skills: Proficiency in Python, Bash, or similar for security automation, custom tooling, and integrating security into development workflows.
• Compliance and GRC Know‑How: Practical experience translating SOC2, ISO27001, or similar requirements into technical controls — without letting process become the product.
• Pragmatic Security Mindset: A track record of balancing security rigour with business velocity, implementing controls that enable engineering rather than block it.
• Startup Self‑Direction: Proven ability to operate autonomously as an early security hire, prioritise ruthlessly, and build without extensive oversight — and to thrive in the ambiguity of an early‑stage company.
• Foundation‑Setter: Mindset to build security in a way others can build on as the team grows — clear documentation, repeatable processes, and standards a future team and security leadership inherit cleanly.

Nice to haves:

• Experience building security programs at early‑stage startups (seed through Series B).
• Background in DevOps or SRE that grew into security engineering.
• Familiarity with container security (Docker, Kubernetes).
• Experience at a cybersecurity product company.
• A bias toward building vs buying security tooling under startup constraints.
• AI‑assisted security workflow experience.

Why Join Us:

• Ambitious Challenge: We’re building at the intersection of generative AI (LLMs and agents) and cybersecurity — and you’ll secure the company doing it, across cloud and application security.
• Build Security from Zero: Own the internal security function from day one, establishing the architecture, tooling, and practices that scale Maze through hypergrowth — then help grow the team and function around you as we scale.
• Expert Team: Work alongside a CTO and engineering team with deep experience in AI and cybersecurity — hands‑on leaders who have been part of multiple acquisitions and an IPO — giving you strong technical partnership while you own security.
• Impactful Work: Cybersecurity is a force for good. Your work directly enables AI‑powered security solutions that protect organisations worldwide — making security an enabler of innovation, not a blocker.
• Build an AI‑native Company: Join early enough to design everything from the ground up, with significant equity upside and a clear path to grow as our security organisation matures.