Security Engineer

CrewAI

United StatesDevOps & SysAdmin

We're looking for a mid-level security engineer to join our small security team and work directly alongside our Head of Platform Security. This is a hands-on, execution-focused role. You'll contribute across the full security programme — compliance evidence, vulnerability management, and detection operations — doing real work in the tools every day.

This is not a strategy role. You'll be supporting and executing within a programme that's already defined. What we need is someone technically capable, detail-oriented, and comfortable operating across multiple domains without losing the thread on any of them.

What You'll Be Doing

Compliance

  • Collect and maintain compliance evidence in our GRC tooling, keeping controls current and audit-ready

  • Identify and flag control gaps before they surface as audit findings

  • Support evidence requests across active compliance programmes and assist with auditor liaison as needed

  • Maintain accurate, current entries in the risk register

  • Management and upkeep of our GRC platform

  • Create and maintain our Security policies

Platform Security

  • Assist with building out platform security processes

  • Triage vulnerability findings from our internal tooling

  • Create and track remediation tickets in Linear

  • Follow up with engineering to drive findings to closure

  • Complete Security questionnaires from potential customers

Operational Security

  • Monitor and triage alerts from our SIEM; escalate genuine incidents with context and a recommended action, not just raw alerts

  • Tune detection rules to reduce noise and improve signal quality

  • Support incident response activities as they arise

  • Implement Security controls

General Programme Support

  • Support access reviews and identity governance hygiene

  • Contribute to security documentation — policies, runbooks, and playbook updates

  • Pick up ad hoc security programme tasks as directed by the Head of Platform Security

Requirements

Required

  • 3–5 years in a security engineering, SecOps, or compliance engineering role

  • Direct, hands-on experience with a compliance audit cycle — evidence collection, control testing, not just awareness

  • Experience with SIEM tooling and alert triage — Wazuh, Splunk, Datadog Security, or equivalent

  • Exposure working in AWS environments

  • Strong written communication — able to produce a clear, concise risk summary without extensive direction

  • Able to work independently across multiple workstreams without losing detail

Valued

  • Experience across multiple compliance frameworks (SOC 2, ISO 27001, HIPAA, etc)

  • Relevant certifications (CISSP, CISM, Security+, OSCP)

Who You Are

  • You treat compliance as an operational discipline, not a documentation exercise

  • You can hold context across compliance, detection, and vuln management in the same week — and deliver on all of them

  • You escalate with context: not just 'here's an alert' but 'here's what it means and what I recommend we do'

  • You ask good questions and raise concerns early, rather than quietly working around them

  • You're comfortable in a lean team where scope is broad and not everything is handed to you on a plate