Requirements
* The right person has done this before, moves quickly, and can own the security posture of a greenfield AWS product independently
* You have deep, hands-on security engineering experience: you build and implement controls, you do not just advise
* You have strong AWS security knowledge: IAM, account structure, Well-Architected Framework, CloudTrail, GuardDuty, Config, and Security Hub
* You have driven a real SOC 2 Type II engagement: controls, evidence collection, and audit preparation, not just policy documentation
* You have application security experience: auth, RBAC, common web vulnerabilities, and the ability to implement fixes directly in code and config
* You have managed external pen test engagements: scoping, triaging findings, and closing them
* You are comfortable working at pace with minimal hand-holding in a small, senior team
* You are available immediately or within days, not weeks
* (Desirable) AI and LLM security experience: agentic systems, prompt injection, SSRF in agent fetch tools, sandbox escaping, and tool-use threat modelling. This is the most unusual and compelling part of the brief
* (Desirable) Experience with high-bar compliance frameworks (FedRAMP, NIST): SOC 2 will feel straightforward if you have done these
* (Desirable) Multi-tenant SaaS security experience
* (Desirable) Data residency and multi-region architecture experience across UK and US
* (Desirable) Experience securing LLM API integrations (OpenAI, Anthropic, AWS Bedrock)
* (Desirable) ISO 27001 familiarity: we are already certified
* Even if you don’t meet every single requirement, or if the right role isn’t listed yet, we’d still love to hear from you
What the job involves
* We are looking for a Security Engineer (Contract) to be the internal security lead on our Greenfield Product. You will have full access to source code, cloud infrastructure, and configurations: everything an external pen tester cannot see
* Your job is to ensure the product is enterprise-ready before a customer goes anywhere near it
* You will work alongside the Greenfield Product hardening squad: head of engineering, platform engineers, a developer, and a QA engineer. You will also act as day-to-day counterpart to our external security and pen test partners
* This is a hands-on engineering role, not an advisory one. You will be building and implementing controls, not writing recommendations for someone else to action
* AWS security posture from the ground up: account structure, IAM, RBAC, logging, and monitoring within the AWS Well-Architected Framework
* SOC 2 Type II controls and evidence for the Greenfield Product on AWS, ensuring the new platform meets the same compliance bar as our existing certified platform
* Application-level hardening: authentication (JumpCloud SSO/OIDC), API rate limiting, web security headers, CSRF, CORS, and file-upload validation
* AI and agentic security: hardening a sandboxed agent environment including shell execution controls, SSRF/DNS rebinding prevention, prompt injection defences, and tool-use guardrails
* Penetration test management: working alongside our external pen test firm (first engagement scoped for early July), triaging findings, and closing them rapidly
* Continuous security validation: putting automated processes in place so that security posture does not erode after this engagement ends
* Data residency: ensuring US and UK data residency requirements are met from the start, given our law firm customer base
* Vendor security due diligence: assessing third-party integrations including LLM API providers (OpenAI, Anthropic via AWS Bedrock)
* Security status reporting: concise updates to Graham and wider leadership