Founding Security Engineer in London

About Wexler

Wexler is building the best AI system for litigation on the planet. We work with some of the world’s largest law firms, helping them to solve their most complex cases, find the winning strategy in each matter, and create clarity from the chaos of documents and facts in each case. We are a rapidly growing, legal AI company based in London. Clifford Chance, HSFKramer, Goodwin, Addleshaw Goddard and more rely on us to help find the critical facts that can determine their chances of winning a case. We’re backed with a $5.3M Seed by Pear VC, Seedcamp, The LegalTechFund + many leading industry angels. We are building a comprehensive AI platform for managing, resolving and preventing legal disputes across Enterprise law firms and Fortune500 companies. We are growing 10x YoY and signing more eminent firms every month. Our system extracts objective, cross-referenced facts from millions of documents, helping litigators win more cases whilst saving months of working hours. In this way we ensure every client gets the representation they deserve. AI is transforming the law, but most tools have focused on contract law or are generalist copilots that aggregate the tasks lawyers do across practices. Wexler is the leading gen-AI platform specifically built for the nuances of litigation, and our growth proves the story is resonating.

About the Role

As our first dedicated security hire, you’ll shape and own the foundation of Wexler’s security program — spanning infrastructure, product, and compliance. You’ll work closely with engineering, operations, and leadership to ensure we’re not only secure, but demonstrably so to our customers.

Responsibilities:

• Take ownership of existing security tooling and implement new ones (e.g. endpoint protection, MDM, access controls), ensuring they’re effectively configured, maintained, and scaled as the business grows.
• Embed secure‑by‑design practices into the development lifecycle — from secure coding and threat modelling to design reviews and CI/CD hardening.
• Monitor systems for irregular behaviour and proactively design detection and prevention mechanisms.
• Ensure infrastructure and applications align with accepted industry standards (e.g. OWASP Top 10, AWS Well‑Architected Framework).
• Conduct and lead risk assessments, including third‑party/vendor reviews and internal evaluations.
• Document and maintain security policies, procedures, and controls as part of our ISO 27001‑certified ISMS.
• Partner with GTM and leadership to demonstrate our security posture and compliance maturity to customers and prospects — helping turn security into a commercial advantage.

You’ll love this role if you:

• Have hands‑on experience deploying and managing security tooling (EDR, MDM, ZTNA, vulnerability scanners, etc.) and enjoy solving problems at the implementation level.
• Have worked within AWS’s security ecosystem and can comfortably navigate enterprise security tools across vendors.
• Have solid foundations in networking, systems, and cloud infrastructure, and can apply frameworks like OWASP and AWS Well‑Architected to real‑world scenarios.
• Have experience reviewing and improving product and infrastructure security, including secure SDLC practices (e.g. threat modelling, secure code review, CI/CD hardening).
• Are familiar with compliance frameworks like ISO 27001 or SOC 2, and can translate technical controls into well‑documented policies and audit‑ready evidence.
• Enjoy automating repetitive security tasks (Python, PowerShell, Bash, or via APIs) to improve efficiency and reduce manual work.
• Think proactively about risk reduction — not just fixing bugs but designing processes and controls that uplift the overall security posture.
• Have a generalist mindset and thrive across infrastructure, product, and compliance domains.

You won’t love this role if you:

• Want to do only policy work or only implementation — this is a hands‑on, full‑spectre security role.
• Prefer a slow pace or require perfect clarity before acting — we move fast and prioritise action.
• Feel uncomfortable owning outcomes — you’ll be accountable end‑to‑end for critical security initiatives.
• Prefer maintaining the status quo — we constantly challenge assumptions and iterate on how security should be done.
• Need a highly structured environment — we’re still building, and that includes building the playbook as we go.
• Struggle with ambiguity or need prescriptive direction — you’ll get support, but autonomy is key.
• Wait for others to act — we value initiative and bias for ownership.

What We Offer:

• Competitive salary and significant equity.
• Huge autonomy and ownership. You will be designing and building the core systems that power AI for some of the most expert users in AI.
• Budget for learning and professional growth.
• Bi‑annual team retreats.
• Work closely with experienced founders and a team of AI scientists and engineers.

About the opportunity: Legal AI has caught the attention of VCs and the wider tech world, but the reality is adoption with users is low in the enterprise, with roughly 20% of lawyers using AI tech. Of those lawyers, most are transactional or contract lawyers and they use generalist platforms that look to aggregate the tasks lawyers do but do not go deep into specific workflows. That’s where Wexler is different. We are a 'scalpel' rather than a 'Swiss Army knife', meaning we go deep into the workflows that can decide how a legal case is won. We have extremely positive feedback from lawyers, and we have an ambitious roadmap of features to expand our coverage while retaining the forensic detail that makes our product great.

Note: If you think you don’t quite fit the bill but you’d still be interested in chatting for a different role, get in touch at careers@wexler.ai.