Senior Security Engineer

About MetaformsAt Metaforms, we're redefining how market research gets done.Our AI platform empowers the world's leading research agencies to scale 10x faster while maintaining quality. With AI Agents augmenting survey programming, data processing, and project management, we help customers like Dynata, Savanta, and Borderless Access deliver more projects with less effort. 1,000+ surveys processed monthly Serving Fortune 500 companies Experiencing rapid month-over-month growth Backed by $9M in Series A funding to aggressively scaleWe're now expanding into the enterprise market, where customers in the US and EU have stringent security and compliance requirements. To unlock this next growth phase, we must achieve SOC2 and GDPR compliance, build a comprehensive security program, and confidently engage in CISO-level security conversations. The RoleWe're hiring our first dedicated Senior Security Engineer to build Metaforms' security foundation from the ground up.You'll own security posture, compliance certifications, and customer-facing security conversations — leading everything from SOC2 audits to architecture reviews to infosec calls with enterprise buyers.This is not just a GRC/compliance role — it requires strong technical depth. You'll implement security controls, design secure architecture, and still be able to articulate our security posture clearly and confidently to enterprise clients.Your work will directly unlock revenue, as enterprise deals worth $100K–$500K ARR currently depend on our ability to demonstrate security and compliance maturity. What You'll Own1. Customer-Facing Security (30%)Complete enterprise security questionnaires and RFPs — our top priority.Join customer infosec calls and confidently answer detailed technical and policy questions.Maintain customer-facing security documentation, including architecture and data flow diagrams.Participate in vendor security assessments with enterprise customers.Collaborate with founders and sales on security sections of enterprise proposals. Critical: Customers are waiting on security responses. You must be able to handle these conversations independently and confidently.2. Compliance & Certifications (30%)Lead SOC2 Type I & II, GDPR, HIPAA readiness, and ISO 27001 programs.Partner with compliance automation vendors (Scrut, Vanta, Drata, Secureframe) to streamline audits.Create and maintain internal security policies and compliance documentation.Coordinate audit evidence collection and drive audit readiness.3. Security Implementation (25%)Implement application security controls (authentication, authorization, encryption, API security).Define and enforce access management policies for production environments.Collaborate with Platform Engineering to implement:Audit loggingAccess controlsSecrets managementData encryption (at rest & in transit)Network securityConduct risk assessments and prioritize remediation.Lead security awareness and training across engineering.4. Security Operations (15%)Set up and monitor security alerts, logs, and SIEM tools.Conduct security code reviews for critical systems.Manage vulnerability assessments and penetration tests.Own incident response and post-mortems.Evaluate third-party vendors for security and privacy risks. Who You AreMust-Have Experience5+ years in Security Engineering at B2B SaaS companies.Hands-on experience with SOC2 (at least one full audit cycle).Strong experience in customer-facing security conversations.Deep technical knowledge of:Authentication & Authorization (OAuth2, SAML, JWT)Encryption (symmetric/asymmetric, TLS, at-rest/in-transit)Cloud Security (IAM, secrets management, network controls)Experience implementing security controls in AWS/GCP/Azure.Familiarity with SOC2, GDPR, HIPAA, ISO 27001 frameworks.Experience with SIEM, vulnerability scanners, and pen testing.Ability to read code and spot security vulnerabilities.Comfort working with US/EU enterprise customers.Critical Soft Skills (Non-Negotiable)Confident communicator — can handle CISO-level conversations with ease.Extremely self-directed — sees what needs to be done and executes.Fast learner — quickly understands product architecture.Pragmatic — balances perfect security with real-world business needs.Collaborative — works tightly with Platform and Product Engineering.Detail-obsessed — builds airtight documentation.Startup mindset — comfortable with ambiguity and fast-paced change.Nice-to-HaveSecurity certifications (CISSP, CISM, CEH, or cloud security certs).Experience with compliance automation tools (Vanta, Drata, Secureframe).Previous experience building a security program from scratch at a startup.Background in regulated industries (finance, healthcare, etc.).Penetration testing or red teaming experience. Why Join Metaforms?High ImpactBe the first security hire defining Metaforms' entire security strategy.Directly unlock $500K+ enterprise deals by building compliance readiness.Own end-to-end security and compliance across systems and customers.Work closely with founders and platform engineers daily.Technical ChallengeBuild enterprise-grade security for a global SaaS platform.Solve data residency and multi-tenant security challenges.Greenfield opportunity — build the program right from day one.Leverage modern tools and automation for scale.GrowthAs we scale, build and lead the security team.Gain high visibility with enterprise clients and CISOs.Earn career-defining experience in compliance and enterprise security.Learn how to balance speed and security in a fast-scaling AI startup. What Success Looks LikeMonth 1 — Onboarding & Quick WinsUnderstand Metaforms' product, architecture, and security posture.Complete 5 – 10 security questionnaires confidently.Join initial customer InfoSec calls and respond effectively.Own compliance readiness assessment with vendor (Vanta/Scrut/Drata).Collaborate with Platform Engineer on security roadmap.Month 3 — Building MomentumSecurity questionnaire turnaround time < 48 hours.No escalations — you own all security conversations independently.Security controls implementation roadmap defined and under execution.Confident in leading customer InfoSec calls solo.SOC 2 audit preparation and policy rollout underway.Implement audit logging, IAM, and secrets management with Platform team.Month 6 — Enterprise-Ready SecuritySOC 2 Type I certification completed or in final review.Fully operational security monitoring and incident response systems.Security documentation & compliance reports ready for enterprise clients.Successfully managed first full customer security audit or RFP cycle.Completed initial penetration testing and remediation cycle.Recognized as the go-to security authority across Metaforms. BenefitsFull family health insurance$1,000 USD annual reimbursement for skill developmentDedicated mentor/coach supportFree lunch & dinner at the officeMonthly food/snacks allowance