MrBeast

Compliance & Security Engineer

San Francisco, Canada (Hybrid) · Full-time

Experience
15+ yrs
Salary
Openings
1
Posted
2 hours ago

Job description

About the Company

Beast Industries is a media and entertainment business created by Jimmy Donaldson, widely known as MrBeast. Built on top of a massive global audience, the company works across digital media, philanthropy, consumer goods, and new business ideas. Its focus is to entertain, motivate, and create meaningful impact while pushing creative and technological boundaries.

Role Overview

We are looking for a senior-level engineer to help build the security and compliance foundation for a company that is being rebuilt with an AI-first approach. This is a greenfield environment with no legacy stack to inherit, giving you the chance to define the right controls, patterns, and operating model from day one.

The role is especially important because the business spans regulated and sensitive areas: Step processes money and serves minors, Feastables handles consumer and supply-chain data, and the media organization operates at a fast pace. Your work will help these products move quickly while still meeting security and compliance requirements.

Core Mission

You will serve as the main individual contributor connecting two closely related disciplines: security engineering and compliance engineering. On the security side, this includes threat modeling, vulnerability handling, hardening, and incident response. On the compliance side, it includes control design, audit support, and mapping technical controls to standards such as SOC 2, PCI DSS, COPPA, and privacy regulations.

  • Own the technical security architecture and compliance posture across Step, Feastables, and the media business.
  • Create a single control framework and connect each control to the regulation or standard it satisfies, including PCI DSS, COPPA, GDPR/CCPA, and SOC 2.
  • Make compliance an ongoing process by automating evidence gathering and control monitoring instead of relying on annual manual efforts.

What You Will Do

  • Define the security baseline that other engineers will build against across cloud infrastructure, applications, and data platforms.
  • Lead threat modeling and security assessments for sensitive products, especially payment and account systems and anything involving minors’ data.
  • Own the vulnerability management process and work with system owners until issues are fully remediated.
  • Design and run incident response, including detection, response playbooks, escalation paths, post-incident reviews, and breach-notification readiness.
  • Act as the technical lead for PCI DSS and SOC 2 audits, and interface with auditors, regulators, and external partners as needed.
  • Convert regulatory obligations into practical engineering tasks and help leadership evaluate risk tradeoffs in business-friendly language.
  • Establish secure-by-default patterns and reusable paved roads so teams can meet requirements without repeated one-off reviews.

Profile We’re Looking For

  • You are comfortable using AI in day-to-day work and know how to apply it meaningfully to security tasks such as automation and evidence pipelines.
  • You bring about 15 years of combined experience across security engineering and compliance, with direct ownership of PCI DSS and SOC 2 in a live production environment from control design through a successful audit.
  • You have practical experience with cloud security, especially AWS and GCP, as well as application security, threat modeling, and incident response, and you can read and reason about code.
  • You are able to make risk calls clearly, explain tradeoffs in simple terms, and advocate strongly when the issue involves minors’ data or customer money.
  • You know how privacy and child-protection requirements map to technical controls, including COPPA, GDPR, and CCPA.

Bonus Experience

  • Background in fintech or payments, including money movement or KYC.
  • Experience with security automation and infrastructure-as-code such as Terraform or policy-as-code tools.
  • Professional certifications such as CISSP, CCSP, or OSCP.
  • Experience helping establish a security or compliance function in an early-stage environment.

Work Setup

The primary work location is the Bay Area, including San Francisco or the Peninsula. New York City is listed as a secondary location. The role follows a hybrid structure with an expectation of three days per week in the office.

Compensation and Benefits

The role includes a highly competitive equity package and a competitive salary. Additional benefits include medical coverage through Blue Cross Blue Shield, dental and vision insurance, company-paid life insurance, HSA contributions, a 401(k) with Safe Harbor matching, flexible vacation, paid company holidays, a company technology package, and relocation support where applicable. Relocation support may include travel and company-provided housing for the first 90 days.

Additional Notes

This is intended as a foundational hire for a company operating at global scale, where the security and compliance function must be built to support speed, trust, and long-term growth.
