Compa is a venture-backed AI startup revolutionizing the future of compensation! We're bringing AI-forward tools and human-centered engineering to make pay competitive and fair, for all. By offering a premier, live compensation data platform that delivers top-tier intelligence to enterprise teams, we enable the world's largest companies to make smart and fair decisions while staying competitive and compliant. In dynamic job markets during the rise of AI, companies need the best data to stay competitive!
Our force-multiplying team is powered by live data and thoughtful design, and our products have earned the trust of the world’s largest companies: NVIDIA, Stripe, DoorDash, OpenAI, Moderna, Workday, Ulta, Target, and more.
Come build with us!
The RoleWe are looking for a Product Security Engineer to build and scale the Product Security function at Compa. This is the first dedicated security hire at the product layer - a senior individual contributor role reporting directly to the Head of Security.
You’ll set the security bar, establish standards and patterns, provide architectural guidance, and build leverage through tooling and automation. You are an advisor, architect, and builder: Security sets the direction; Engineering builds at scale. You’ll define secure engineering practices, operationalize them through repeatable processes, automation, and developer tooling, and continuously improve them as we grow.
When a strategic security initiative spans application code, cloud infrastructure, identity, and platform, you will lead it from design through initial implementation, then partner with Engineering to scale and maintain.
You will be the security voice in the room when consequential decisions are made, proactively shaping how Engineering and Product think about security, risk, architecture, and secure software development.
ResponsibilitiesSet the Security Bar
Perform architecture reviews, threat modeling, and security design reviews across applications, APIs, cloud infrastructure, data pipelines, and AI-enabled systems.
Develop security standards, reference architectures, and secure design patterns that enable teams to build securely by default.
Define and continuously improve the Secure Software Development Lifecycle (SDLC), embedding security throughout engineering workflows and release processes.
Lead security assessments for new products, major features, third-party integrations, and emerging technologies.
Serve as a trusted technical advisor on security architecture, implementation decisions, and risk tradeoffs.
Communicate security concepts clearly across audiences — from engineering design reviews to product documentation, trust portal content, and customer diligence conversations.
Build Leverage Through Tooling and Enablement
Design and build reusable security patterns, libraries, and developer tooling that scale secure-by-default practices across engineering.
Implement security automation and guardrails that improve security posture while reducing developer friction.
Partner with Platform Engineering on cloud security posture, infrastructure hardening, secrets management, workload identity, and security observability.
Advance AI Security
Define and operationalize secure patterns for AI-enabled products, agents, MCP servers, tool integrations, and retrieval systems.
Evaluate emerging AI security risks and translate them into practical architectural guidance, engineering controls, and platform capabilities.
Partner with developers to improve the safe and scalable use of AI throughout the software development lifecycle, including AI-assisted tools and emerging workflows.
Build When It Matters
Prototype and deliver initial production-ready implementations for strategic initiatives, establishing patterns for broader adoption.
Contribute to security incident response, investigations, and remediation when needed.
5+ years of Software Engineering experience to include building and shipping production software.
Strong programming fundamentals in at least one modern language, with aptitude to quickly learn others.
Experience performing application security reviews, threat modeling, or security design reviews.
Experience designing, building, or securing cloud-native applications and distributed systems.
Strong understanding of cloud security, IAM, CI/CD, containers, infrastructure-as-code, and software supply chain security.
Experience influencing engineering organizations through technical leadership and architectural guidance.
Strong systems thinking, sound judgment, and the ability to reason about architecture, scale, operational risk, and engineering tradeoffs while operating effectively in ambiguous, fast-moving environments.
Ability to translate security risk into business and engineering terms, and to influence decisions at the leadership level without direct authority.
Experience securing cloud-native infrastructure in AWS environments.
Experience designing or implementing enterprise-facing capabilities such as SAML, SCIM, RBAC, audit logging, or customer-facing security controls.
Experience building security automation, developer tooling, or internal platforms that improved engineering velocity and security outcomes.
Experience building, operating, or securing AI-enabled products, agents, MCP servers, or retrieval systems.
Experience building or scaling a Product Security or Security Engineering function in a high-growth technology company.
Compa offers a competitive and comprehensive benefits package including medical, dental, vision, PTO and parental leave, equity, company offsites, continuous education, commuter benefits and a flexible work environment.
Compa Irvine, California, USA Office
19800 Macarthur Blvd, Irvine, California, United States, 92612 2402
Similar Jobs at Compa
What you need to know about the Los Angeles Tech Scene
Key Facts About Los Angeles Tech
- Number of Tech Workers: 375,800; 5.5% of overall workforce (2024 CompTIA survey)
- Major Tech Employers: Snap, Netflix, SpaceX, Disney, Google
- Key Industries: Artificial intelligence, adtech, media, software, game development
- Funding Landscape: $11.6 billion in venture capital funding in 2024 (Pitchbook)
- Notable Investors: Strong Ventures, Fifth Wall, Upfront Ventures, Mucker Capital, Kittyhawk Ventures
- Research Centers and Universities: California Institute of Technology, UCLA, University of Southern California, UC Irvine, Pepperdine, California Institute for Immunology and Immunotherapy, Center for Quantum Science and Engineering

