Security Engineer

HeyGen HeyGen · Multimodal · Los Angeles, CA +2 · Engineering

Security Engineer responsible for the security posture of an AI company, focusing on product and infrastructure security, fraud detection, cloud hardening, AI security, and compliance (SOC 2). The role involves writing code, reviewing architectures, and building secure features and infrastructure.

What you'd actually do

  1. Partner with engineering teams as an embedded security expert — writing code, reviewing architectures, and building secure application features and infrastructure components from the ground up.
  2. Design and implement automated fraud detection systems to mitigate platform abuse, credential stuffing, and payment fraud. Partner with product and engineering to build real-time monitoring and rapid-response remediation workflows.
  3. Own the strategy and execution for hardening our AWS/Python infrastructure. Build and run a robust vulnerability management program, including network security, cloud configuration, and remediation workflows.
  4. Serve as HeyGen's point person for AI and agentic system security. As we scale our agentic coding and AI agent products, you will ensure these rollouts are designed and deployed with strong security controls.
  5. Oversee our SOC 2 compliance operations (currently managed via Drata) and annual audit cycles. Evaluate and roadmap future certifications, including ISO 27001, as the business scales.

Skills

Required

  • Python
  • AWS
  • cloud infrastructure security
  • application security
  • vulnerability management
  • network security
  • IAM
  • secrets management
  • GRC frameworks
  • compliance programs (SOC 2, ISO 27001, or equivalent)
  • threat modeling
  • fraud detection
  • AI security

Nice to have

  • modern security tooling (Drata, Infisical, Bugcrowd, or equivalents)

What the JD emphasized

  • ship secure features
  • AI and agentic system security
  • agentic coding and AI agent products
  • SOC 2 compliance

Other signals

  • AI Security
  • agentic system security
  • fraud detection
  • cloud hardening
  • SOC 2 compliance