Security Engineer; Internal
Listed on 2026-06-30
IT/Tech
Cybersecurity, Information Security, Security Manager
Location: Greater London
Summary of the Role:
As Security Engineer (Internal) at Maze, you'll own how we secure ourselves — our cloud, our applications, and the way our engineers build. This is a unique opportunity to join a well‑funded Series A startup building at the intersection of generative AI and cybersecurity, establishing the internal security foundation that lets a three‑product company keep moving fast as it scales.
You'll take hands‑on ownership of cloud infrastructure security, application security, security tooling, and the compliance work that unlocks enterprise deals. We're deliberately looking for a strong generalist rather than a narrow specialist: someone who can harden our AWS environment and identity model, get into the weeds on application security, and run a pragmatic compliance program — and who knows when a control is worth the friction and when it isn’t.
Your success will be measured by the robustness of our security posture, our readiness for enterprise customer requirements, and your ability to make secure the default path for engineering rather than a blocker.
This role is perfect for a pragmatic, broad security engineer who has built and run security at a startup, thrives with autonomy, and wants to own a domain end‑to‑end. You'll be our founding internal security hire — but not a lone wolf for long: this is the first role in a function we expect to grow, and as we scale we'll add to the team and bring in dedicated security leadership.
You'll set the foundations the rest of that team is built on, and have a clear runway to grow alongside it.
- Harden Our Cloud Infrastructure: Secure our AWS environment by design — identity and access management, hardening, network and infrastructure‑as‑code controls (Terraform) — closing real risk rather than chasing check boxes
- Own Application Security: Embed application security into how we build, from secure‑by‑default patterns and code review guidance to triaging and driving down vulnerabilities across our own products and services
- Build Security Tooling and Monitoring: Stand up the monitoring, logging, and alerting that gives us visibility across infrastructure and applications, and serve as our first line of defence
- Run Compliance Pragmatically: Lead readiness for SOC2, ISO 27001, and similar frameworks — building the controls, documentation, and evidence that support enterprise sales without drowning the team in process
- Establish Security Policies That Enable: Create practical security policies and procedures that keep standards high while letting the team move quickly — no security theatre
- Automate Security Operations: Build security automation and tooling in code, using AI‑assisted workflows to ship faster while keeping quality high
- Manage Vendor and Supply‑Chain Security: Assess third‑party vendors and tools so our supply chain meets enterprise expectations
- Enable Incident Response: Develop incident response plans and runbooks, and establish clear processes for detecting, responding to, and recovering from security incidents
- Broad, Hands‑On Security Engineering: 5+ years building and running security, with genuine breadth across cloud security and application security rather than depth in only one — comfortable being the person who covers the whole surface area
- AWS Security Expertise: Deep, hands‑on knowledge of AWS security — IAM, hardening, and AWS‑native security tooling — with the judgement to prioritise what matters
- Application Security Capability: Real experience finding and fixing application‑layer vulnerabilities, and embedding secure development practices into engineering workflows
- Infrastructure as Code Proficiency: Strong experience managing security controls programmatically with Terraform, building secure, scalable infrastructure through code
- Coding and Scripting Skills: Proficiency in Python, Bash, or similar for security automation, custom tooling, and integrating security into development workflows
- Compliance and GRC Know‑How: Practical experience translating SOC2, ISO 27001, or similar requirements into technical controls — without letting process become the product
- Pragmatic Security…