Security Engineer

Responsibilities

• Lead product security: threat modeling, secure code review, vulnerability management, and building security into the development lifecycle.
• Build internal security tooling that makes secure-by-default behavior the path of least resistance for the engineering team.
• Harden the infrastructure that underpins Forge’s runtime – from multi-tenant isolation and secrets management to network boundaries and data handling pipelines.
• Own corporate security programs and ensure internal systems meet enterprise standards.
• Be the internal voice on security, communicating tradeoffs and building trust.
• Work with external IT and Security partners.
• Own day-to-day compliance programs – including SOC 2 and PCI.

Requirements

• Engineering background as a software engineer who moved into security.
• 4+ years of experience spanning product security and some corporate security or compliance work.
• Hands-on experience with compliance programs (SOC 2, PCI, or similar) in fast-moving environments.
• Builder’s orientation toward security tooling.
• Soft skills to be a trusted security partner.
• Comfort operating as a generalist across product security, corporate security, and security tooling.

Nice to Have

• Experience securing systems that handle sensitive data in regulated verticals (banking, insurance, fintech, healthcare).
• Familiarity with security challenges of multi-tenant AI systems (prompt injection, data isolation, output validation).
• Experience with infrastructure security in distributed environments (container orchestration, cross-VPC networking, secrets management).
• Familiarity with managing outsourced IT or vendor relationships.
• Experience at an early-stage startup building security programs from scratch.

Compensation

• Competitive salary, meaningful equity, and benefits.