Security Engineer, Patreon

• Minimum of 4 years of combined experience in Security Engineering, GRC, or related roles in an enterprise or cloud-native environment
• Bachelor’s degree in Computer Science, Information Security, or related field (or 6+ years of relevant experience in lieu of degree)
• Strong foundation in one or more programming/scripting languages (e.g., Python) for automation and tooling
• Hands-on experience implementing and managing security controls (SIEM, SOAR, EDR, IDS/IPS, IAM)
• Demonstrated ability to evaluate and secure cloud infrastructure using IaC tools (e.g., Terraform, CloudFormation)
• Proficiency in threat detection, incident response, and investigation methodologies (familiarity with MITRE ATT&CK)
• Working knowledge of key security standards and regulations (e.g., NIST CSF, ISO 27001, HIPAA, PCI-DSS, GDPR)
• Experience executing audits, risk assessments, and managing compliance programs; familiarity with GRC platforms preferred
• Ability to develop meaningful security metrics and translate technical details into business-impact language

• We are looking for a mid-level (L4) Security Engineer to join our growing Security team.
• In this role, you will be responsible for designing and implementing security automation, detection, and response capabilities while also owning and streamlining Governance, Risk, and Compliance (GRC) functions.
• Your contributions will help ensure our platform and corporate environment remain protected and compliant, empowering us to scale securely
• Design & Implement Security Solutions
• Architect and deploy tools and processes that strengthen our infrastructure and corporate security posture in cloud-native (AWS), containerized (Kubernetes/Docker), and on-prem environments
• Engineer and maintain controls across multiple security domains (e.g., Endpoint Detection and Response, Cloud Detection and Response, CI/CD, SIEM, IAM, PKI, etc.)
• Automate Security Detection & Response
• Develop and refine security detection rules, playbooks, and workflows to respond to threats in real time
• Build integrations and automated pipelines leveraging DevOps/SecOps tools (e.g., Python scripting, APIs, webhooks) to accelerate investigation and remediation
• Security Incident Handling
• Triage and investigate security alerts and incidents, leading cross-functional coordination when required
• Drive the continuous improvement of incident response processes and technologies used for detection and containment
• Governance, Risk & Compliance (GRC)
• Lead risk management efforts by conducting risk assessments, third-party vendor reviews, and compliance checks against frameworks (e.g., ISO, NIST, PCI, HIPAA)
• Develop and maintain security metrics (KRI/KPI/OKR) to communicate program effectiveness and inform strategic decisions
• Contribute to audits, assessments, and certification processes; maintain and optimize GRC tooling to manage evidence gathering and continuous monitoring
• Draft and evolve security policies, standards, and documentation in alignment with regulatory requirements and industry best practices
• Cross-Functional Collaboration
• Partner with Product, Engineering, Legal, and other business teams to embed security requirements into new and existing features
• Provide threat modeling and security architecture guidance to software development teams to ensure secure design from the ground up
• Continuous Improvement & Thought Leadership
• Participate in proactive threat hunting and vulnerability management programs to reduce risk exposure
• Remain current on industry trends, emerging threats, and new security technologies
• Act as an internal champion for security awareness, training, and best practices across the organization

• Gym membership
• Commuter stipend
• Training budget
• Work from home opportunities
• Health insurance
• Stock options
• 401k

Total funding: $352.1m

Creatives face two major struggles in the online space: getting eyes (or ears) on their work, and getting paid for it. Patreon was founded to solve both problems with a platform that would provide a space for creators to host and promote their work, and offer supporters a way to show their support through a regular paid subscription.