Security Engineer at CrewAI

We're looking for a mid-level security engineer to join our small security team and work directly alongside our Head of Platform Security. This is a hands-on, execution-focused role. You'll contribute across the full security programme — compliance evidence, vulnerability management, and detection operations — doing real work in the tools every day.

This is not a strategy role. You'll be supporting and executing within a programme that's already defined. What we need is someone technically capable, detail-oriented, and comfortable operating across multiple domains without losing the thread on any of them.

What you'll be doing

Compliance
Collect and maintain compliance evidence in our GRC tooling, keeping controls current and audit-ready.
Identify and flag control gaps before they surface as audit findings.
Support evidence requests across active compliance programmes and assist with auditor liaison as needed.
Maintain accurate, current entries in the risk register.
Manage and maintain our GRC platform.
Create and maintain our security policies.

Platform Security
Assist with building out platform security processes.
Triage vulnerability findings from our internal tooling.
Create and track remediation tickets in Linear.
Follow up with engineering to drive findings to closure.
Complete security questionnaires from potential customers.

Operational Security
Monitor and triage alerts from our SIEM; escalate genuine incidents with context and a recommended action, not just raw alerts.
Tune detection rules to reduce noise and improve signal quality.
Support incident response activities as they arise.
Implement security controls.

General programme support
Support access reviews and identity governance hygiene.
Contribute to security documentation — policies, runbooks, and playbook updates.
Pick up ad hoc security programme tasks as directed by the Head of Platform Security.

Required
3–5 years in a security engineering, SecOps, or compliance engineering role.
Direct, hands-on experience with a compliance audit cycle — evidence collection, control testing, not just awareness.
Experience with SIEM tooling and alert triage — Wazuh, Splunk, Datadog Security, or equivalent.
Exposure working in AWS environments.
Strong written communication — able to produce a clear, concise risk summary without extensive direction.
Able to work independently across multiple workstreams without losing detail.

Valued
Experience across multiple compliance frameworks (SOC 2, ISO 27001, HIPAA, etc.).
Relevant certifications (CISSP, CISM, Security+, OSCP).

Who you are
You treat compliance as an operational discipline, not a documentation exercise.
You can hold context across compliance, detection, and vuln management in the same week — and deliver on all of them.
You escalate with context: not just 'here's an alert' but 'here's what it means and what I recommend we do'.
You ask good questions and raise concerns early, rather than quietly working around them.
You're comfortable in a lean team where scope is broad and not everything is handed to you on a plate.

Company Location: United States.