Senior Engineer, Security & Compliance (US)
Back to Jobs
Code and TheoryGet Smart Job AI Coach in the appFree on iOS and Android 






Senior Engineer, Security & Compliance (US)
110,000–150,000 / Year
Location
Austin, Texas, United States; New York, New York, United States; San Francisco, California, United States
Experience
Senior
Posted
Jul 7, 2026
Apply by
August 6, 2026
Applicants
0
Early applicantFull-timeWork from Home
Job Description
The Machine is the agentic operating system for marketing, built by Code & Theory. It plugs into the tools marketing teams use and turns disconnected workflows into a single intelligent system, connecting brand strategy, creative production, and media performance. The Machine helps power agencies across Stagwell's network and world-leading brands.
We're looking for a Senior Security Engineer to be the hands-on technical backbone of our security and compliance program across our SaaS products and client delivery work. This role would own the implementation — building the controls, tooling, automation, and processes that make our security program real. You'll work directly with engineering teams, embed into delivery workflows, and be the person who actually builds and runs the systems that keep our products and client data secure.
Our engineers are AI native and engage in and advance the state of the art in the practice of software development flow with AI.
**WHAT YOU'LL DO**
- Build and maintain security controls across our cloud infrastructure and SaaS products — identity and access, encryption, logging, monitoring, secrets management, and multi-tenancy patterns
- Own the technical implementation of SOC 2 Type II, ISO 27001, and ISO 42001 compliance — building evidence pipelines, automating control testing, and maintaining audit artifacts
- Instrument and operate security monitoring and alerting across cloud environments (GCP, AWS, and/or Azure), with hands-on responsibility for threat detection, log aggregation, and response
- Partner with engineering teams to embed security into CI/CD pipelines — vulnerability scanning, SAST/DAST tooling, dependency management, container security, and secure code review
- Implement privacy controls in product and client environments, including data classification, retention, access controls, and audit logging aligned to HIPAA, GDPR, and CCPA/CPRA requirements
- Execute the client engagement security model — provisioning and deprovisioning access, configuring environment segregation, and meeting client-specific delivery security requirements
- Conduct hands-on vendor security assessments, reviewing third-party architectures, configurations, and data handling practices
- Maintain and test incident response playbooks; lead technical response and forensic analysis during security events
- Build and maintain AI-specific security controls — reviewing model inputs/outputs, securing agent workflows, managing prompt injection and data leakage risks in AI-enabled products
- Contribute to the security questionnaire and RFP response library, serving as the technical author for detailed customer assurance requests
**WHAT YOU'LL NEED**
- 5+ years of hands-on security engineering experience, ideally spanning SaaS product environments and/or professional services/agency delivery
- Deep practical knowledge of cloud security in at least one major platform (GCP, AWS, or Azure) — IAM, networking, secrets management, logging, and security tooling
- Hands-on experience with SOC 2 Type II and ISO 27001 control implementation — not just familiarity with frameworks, but actually building and operating the controls
- Experience building security automation across CI/CD pipelines — integrating vulnerability scanners, SAST/DAST tools, and policy enforcement into engineering workflows
- Working knowledge of privacy regulations (HIPAA, GDPR, CCPA/CPRA) and experience implementing technical controls that operationalize compliance requirements
- Proficiency with security monitoring and SIEM tooling — building detection logic, tuning alerts, and responding to incidents with real technical depth
- Strong communication skills — you can explain a complex finding clearly to an engineer, a PM, or a client, and write a crisp, credible response to a security questionnaire
- Comfort working across a distributed, fast-moving organization with multiple concurrent workstreams
- Experience working with AI-enabled development tools and integrating security thinking into AI-assisted workflows
- Hands-on experience reviewing and hardening AI agent workflows — understanding risks like prompt injection, data leakage, and model misuse in production systems
- Comfortable leveraging AI-enabled development tools and workflows to accelerate engineering, automation, debugging, and operational tasks
- Experience orchestrating multi-step AI or agent-driven workflows, including selecting appropriate models, tools, and execution patterns for different use cases
- Strong judgment reviewing and hardening AI-assisted output for security, scalability, maintainability, and architectural fit
- Experience building or maintaining prompts, evaluation frameworks, documentation, or operational context systems that improve engineering velocity and reliability
- Familiarity with automated evaluation and feedback loops for AI-enabled systems and workflows
**NICE TO HAVE**
- Experience in agency, consultancy, or enterprise SaaS environments where you've had to meet varying client security requirements
- Familiarity with ISO 42001 and AI governance frameworks
- Experience securing multi-tenant SaaS architectures at the infrastructure and application layer
- Relevant certifications: CISSP, CCSP, AWS/GCP/Azure Security Specialty, CIPP, or similar
- Experience with infrastructure-as-code security tooling (e.g., Checkov, tfsec, OPA/Rego)
**ABOUT US**
Born in 2001, Code and Theory is a digital-first creative agency that sits at the center of creativity and technology. We pride ourselves on not only solving consumer and business problems, but also helping to establish new capabilities for our clients. With a global client roster of Fortune 100s and start-ups alike, we crave the hardest problems to solve. We have teams distributed across North America, South America, Europe, and Asia. The Code and Theory global network of agencies is growing and includes Kettle, Instrument, Left Field Labs, Create Group, Current, and TrueLogic.
Striving never to be pigeonholed, we work across every major category: from tech to CPG, financial services to travel & hospitality, government and education to media and publishing. We value the collaboration with our client partners, including but not limited to Adidas, Amazon, Con Edison, Diageo, EY, J.P. Morgan Chase, Lenovo, Marriott, Mars, Microsoft, Thomson Reuters, and TikTok.
The Code and Theory network is comprised of nearly 2,000 people with 50% engineers and 50% creative talent. We’re always on the lookout for smart, driven, and forward-thinking people to join our team.
*The base compensation range for this role is $110,000 – $150,000 and spans multiple levels. We're open to hiring at the level that best matches the right candidate's experience. Actual compensation is influenced by a wide array of factors including but not limited to skill set, level of experience, budget, and location.*
Key Responsibilities
- Build and maintain security controls across cloud infrastructure and SaaS products including identity, encryption, and logging.
- Own technical implementation of SOC 2 Type II, ISO 27001, and ISO 42001 compliance by building evidence pipelines and automating control testing.
- Instrument and operate security monitoring and alerting across cloud environments for threat detection and response.
- Partner with engineering teams to embed security into CI/CD pipelines including vulnerability scanning and secure code review.
- Implement privacy controls aligned to HIPAA, GDPR, and CCPA/CPRA requirements.
- Execute client engagement security models including access provisioning and environment segregation.
- Conduct hands-on vendor security assessments and review third-party architectures.
- Maintain and test incident response playbooks and lead technical response during security events.
- Build and maintain AI-specific security controls for model inputs, outputs, and agent workflows.
- Contribute to security questionnaires and RFP responses as the technical author.
Skills Required
Cloud SecurityGCPAWSAzureIAMNetworkingSecrets ManagementLoggingSecurity ToolingSOC 2 Type IIISO 27001ISO 42001CI/CDVulnerability ScanningSASTDASTDependency ManagementContainer SecuritySIEMHIPAAGDPRCCPA/CPRAIncident ResponseForensic AnalysisAI SecurityPrompt InjectionData Leakage PreventionCommunicationCollaborationJudgmentAdaptabilityAI Governance FrameworksMulti-tenant SaaS ArchitectureInfrastructure-as-Code SecurityCheckovtfsecOPA/Rego
App exclusive · Free
Smart Job AI Coach
Your personal interview coach on every job — readiness tips, profile improvements, and role-specific prep. Available only in the Pulse Job app.
Interview readiness
See how prepared you are and what to improve for each role.
Personalized tips
Actionable suggestions based on your profile and the job.
After you apply
Keep coaching momentum from job detail through application success.
Similar roles for you
Matched using this role's title and skills. Open the job search anytime to see every listing.

Senior Security Engineer
Jobgether
Full-timeWork from Home
UKSenior

Senior Security Engineer
Jobgether
Full-timeWork from Home
GermanySenior

Senior Security Engineer
Jobgether
Full-timeWork from Home
SwitzerlandSenior

Senior Security Engineer
Jobgether
Full-timeWork from Home
FranceSenior

Senior Security Engineer
Jobgether
Full-timeWork from Home
SpainSenior

Senior Infrastructure Engineer
ampliphi
Full-timeWork from Home
IndiaSenior