Founding Security Engineer
Reducto
Job Summary
Reducto helps AI teams ingest real-world enterprise data with state-of-the-art accuracy, specializing in unstructured formats like PDFs. The company has seen rapid growth, working with hundreds of clients from leading AI teams to large enterprises, and has raised over $100M. This Founding Security Engineer role involves owning the company's security posture and compliance programs (SOC2, HIPAA), implementing proactive security monitoring, building CI/CD tooling, managing bug bounty programs, and shaping the security strategy for enterprise clients.
Must Have
- High bar for quality and thoroughness
- 3+ years of hands-on security engineering experience
- Experience with at least one SOC2 or similar compliance audit
- Comfortable reading and auditing code (Python preferred)
- Understanding infrastructure architecture
- Implementing security controls across the stack
- Ability to build your own security tools
- Practical, risk-based approach to security
- Owning and managing SOC2, HIPAA, and other compliance certifications
- Implementing proactive security monitoring and alerting systems
- Building and maintaining security CI/CD tooling
- Managing the relationship with platforms like Vanta
- Responding to customer security questionnaires and conducting security reviews
- Establishing and managing a bug bounty program
- Working directly with founders and customers on security strategy
Good to Have
- Prior experience founding a company or building security programs from scratch at early-stage startups
- Deep experience with on-prem deployments and air-gapped environments for enterprise customers
- Contributed to security tools, written security content, or spoken at security conferences
- Ambitious and driven, caring about doing great work with great people
- Keeps up with the latest developments in application security, cloud security, and AI/ML security
Perks & Benefits
- Unlimited PTO
- Free lunch daily at the office
- Reimbursed transportation
- Generous health insurance (medical, dental, vision)
- Health and Wellness Budget ($150/mo reimbursement)
- Parental Leave
Job Description
We would love to meet you if you:
- Philosophy: You are your own worst critic. You have a high bar for quality and don't rest until the job is done right—no settling for 90%. We want someone who ships fast, with high agency, and who doesn't just voice problems but actively jumps in to fix them.
- Experience: You have 3+ years of hands-on security engineering experience, ideally in high-growth startups or cloud-native environments. You've been through at least one SOC2 or similar compliance audit.
- Technical Depth: You're comfortable reading and auditing code (Python strongly preferred), understanding infrastructure architecture, and implementing security controls across the stack—from application layer to cloud infrastructure.
- Tools: Build your own tools as needed—whether it's a quick script to audit secrets across repos or an internal dashboard to track security metrics.
- Approach: A practical, risk-based approach to security. You understand when to say no and when to help engineering ship securely. You can balance security rigor with business velocity and aren't dogmatic about perfect security at the expense of progress.
The core work will include:
- Owning and managing SOC2, HIPAA, and other compliance certifications end-to-end, including evidence collection, control implementation, and audit coordination
- Implementing proactive security monitoring and alerting systems to detect and respond to threats in real-time across our cloud and on-prem deployments
- Building and maintaining security CI/CD tooling to catch vulnerabilities before they reach production—static analysis, dependency scanning, secrets detection, and more
- Managing our relationship with platforms like Vanta to streamline compliance workflows and maintain continuous monitoring
- Responding to customer security questionnaires and conducting security reviews for enterprise deals
- Establishing and managing our bug bounty program, triaging vulnerabilities, and coordinating remediation with engineering teams
- Working directly with the founders and customers to shape our security strategy and build trust with enterprise buyers
Bonus points if you:
- Have prior experience founding a company or building security programs from scratch at early-stage startups
- Have deep experience with on-prem deployments and air-gapped environments for enterprise customers
- Have contributed to security tools, written security content, or spoken at security conferences
- Are ambitious and driven, and care a lot about doing great work with great people
- Keep up with the latest developments in application security, cloud security, and AI/ML security
This is an in-person role at our office in SF. We're an early-stage company, which means that the role requires working hard and moving quickly. Please only apply if that excites you.
Benefits at Reducto
At Reducto, we're invested in the well-being and growth of our team. Here's what we currently offer:
- Unlimited PTO: We believe great work requires recharging.
- Lunch: Receive a free lunch to eat with your teammates daily at the office
- Reimbursed Transportation: Provide us with your receipts and we'll take care of the costs
- Insurance: Generous health insurance covering medical, dental, and vision.
- Health and Wellness Budget: We provide up to $150/mo reimbursement for health and wellness spending, such as gym memberships, fitness classes, or similar.
- Parental Leave: Work with us to build a leave schedule that works for you and your family
Reducto is an Equal Opportunity Employer committed to diversity and inclusion in the workplace. All qualified applicants will receive consideration for employment without regard to sex, race, color, age, national origin, religion, physical and mental disability, genetic information, marital status, sexual orientation, gender identity/assignment, citizenship, pregnancy or maternity, protected veteran status, or any other status prohibited by applicable national, federal, state or local law.