Search all jobs
Browse jobsAustin, TX › Senior Engineer, Security & Compliance (US)

Senior Engineer, Security & Compliance (US)

Codeandtheory · Austin, Texas, United States; New York, New York, United States; San Francisco, California, United States · Posted Jul 8, 2026

Apply on company site   Track it in JobSkout

The Machine is the agentic operating system for marketing, built by Code Theory. It plugs into the tools marketing teams use and turns disconnected workflows into a single intelligent system, connecting brand strategy, creative production, and media performance. The Machine helps power agencies across Stagwell's network and world-leading brands.

We're looking for a Senior Security Engineer to be the hands-on technical backbone of our security and compliance program across our SaaS products and client delivery work. This role would own the implementation — building the controls, tooling, automation, and processes that make our security program real. You'll work directly with engineering teams, embed into delivery workflows, and be the person who actually builds and runs the systems that keep our products and client data secure.

Our engineers are AI native and engage in and advance the state of the art in the practice of software development flow with AI.

WHAT YOU'LL DO

Build and maintain security controls across our cloud infrastructure and SaaS products — identity and access, encryption, logging, monitoring, secrets management, and multi-tenancy patterns

Own the technical implementation of SOC 2 Type II, ISO 27001, and ISO 42001 compliance — building evidence pipelines, automating control testing, and maintaining audit artifacts

Instrument and operate security monitoring and alerting across cloud environments (GCP, AWS, and/or Azure), with hands-on responsibility for threat detection, log aggregation, and response

Partner with engineering teams to embed security into CI/CD pipelines — vulnerability scanning, SAST/DAST tooling, dependency management, container security, and secure code review

Implement privacy controls in product and client environments, including data classification, retention, access controls, and audit logging aligned to HIPAA, GDPR, and CCPA/CPRA requirements

Execute the client engagement security model — provisioning and deprovisioning access, configuring environment segregation, and meeting client-specific delivery security requirements

Conduct hands-on vendor security assessments, reviewing third-party architectures, configurations, and data handling practices

Maintain and test incident response playbooks; lead technical response and forensic analysis during security events

Build and maintain AI-specific security controls — reviewing model inputs/outputs, securing agent workflows, managing prompt injection and data leakage risks in AI-enabled products

Contribute to the security questionnaire and RFP response library, serving as the technical author for detailed customer assurance requests

WHAT YOU'LL NEED

5+ years of hands-on security engineering experience, ideally spanning SaaS product environments and/or professional services/agency delivery

Deep practical knowledge of cloud security in at least one major platform (GCP, AWS, or Azure) — IAM, networking, secrets management, logging, and security tooling

Hands-on experience with SOC 2 Type II and ISO 27001 control implementation — not just familiarity with frameworks, but actually building and operating the controls

Experience building security automation across CI/CD pipelines — integrating vulnerability scanners, SAST/DAST tools, and policy enforcement into engineering workflows

Working knowledge of privacy regulations (HIPAA, GDPR, CCPA/CPRA) and experience implementing technical controls that operationalize compliance requirements

Proficiency with security monitoring and SIEM tooling — building detection logic, tuning alerts, and responding to incidents with real technical depth

Strong communication skills — you can explain a complex finding clearly to an engineer, a PM, or a client, and write a crisp, credible response to a security questionnaire

Comfort working across a distributed, fast-moving organization with multiple concurrent workstreams

Experience working with AI-enabled development tools and integrating security thinking into AI-assisted workflows

Hands-on experience reviewing and hardening AI agent workflows — understanding risks like prompt injection, data leakage, and model misuse in production systems

Comfortable leveraging AI-enabled development tools and workflows to accelerate engineering, automation, debugging, and operational tasks

Experience orchestrating multi-step AI or agent-driven workflows, including selecting appropriate models, tools, and execution patterns for different use cases

Strong judgment reviewing and hardening AI-assisted output for security, scalability, maintainability, and architectural fit

Experience building or maintaining prompts, evaluation frameworks, documentation, or operational context systems that improve engineering velocity and reliability

Familiarity with automated evaluation and feedback loops for AI-enabled systems and workflows

NICE TO HAVE

Experience in agency, consultancy, or enterprise SaaS environments where you've had to meet varying clien…

Apply on company site