Lead Security Engineer

Lead Security Engineer About Us Fieldguide is establishing a new state of trust for global commerce and capital markets through automating and streamlining the work of assurance and audit practitioners specifically within cybersecurity, privacy, and financial audit. Put simply, we build software for the people who enable trust between businesses. We’re based in San Francisco, CA, but built as a remote-first company that enables you to do your best work from anywhere. We're backed by top investors including Growth Equity at Goldman Sachs Alternatives, Bessemer Venture Partners, 8VC, Floodgate, Y Combinator, DNX Ventures, Global Founders Capital, Justin Kan, Elad Gil, and more. We value diversity — in backgrounds and in experiences. We need people from all backgrounds and walks of life to help build the future of audit and advisory. Fieldguide’s team is inclusive, driven, humble and supportive. We are deliberate and self-reflective about the kind of team and culture that we are building, seeking teammates that are not only strong in their own aptitudes but care deeply about supporting each other's growth. As an early stage start-up employee, you’ll have the opportunity to build out the future of business trust. We make audit practitioners’ lives easier by bringing together up to 50% of their work and giving them better work-life balance. If you share our values and enthusiasm for building a great culture and product, you will find a home at Fieldguide. About the Role Fieldguide is a Vertical AI company building Agents for the most complex workflows in audit. We partner with ambitious enterprise customers, including over 50 of the 100 largest accounting firms, and operate in a $100B+ market undergoing rapid transformation. We’re looking for a Lead Security Engineer to build and own Fieldguide’s information security program. This role reports directly into our CTO and takes ownership of the technical security function and builds it into something that scales with the business. Your primary focus is on securing code, APIs, and product architecture our customers depend on. You’ll also bring working knowledge of infrastructure and cloud security. Your superpower should be embedding security into how software gets designed, built, and shipped. You’ll partner closely with Engineering, Product, and Compliance to ensure security is foundational to everything we do. What You’ll Own Application security and secure development - Lead secure design reviews, threat modeling, and security-focused code reviews across the product and platform. - Ensure security is ingrained into the SDLC so that the secure path is the easy path for engineers with secure-by-default libraries, patterns, and guardrails. - Own authentication, authorization, API security, and data protection architecture for a multi-tenant SaaS platform. - Architect and maintain security tooling integrated into CI/CD pipelines: static analysis, dependency scanning, secrets detection. AI security - Evaluate and mitigate risks specific to Fieldguide's AI Agents — prompt injection, data leakage through LLM contexts, unauthorized tool use, and unintended agent behaviors. - Partner with Agent and Platform teams to define security boundaries for agent execution: sandboxing, least-privilege tool access, and runtime policy enforcement. - Contribute to Fieldguide's approach to responsible AI, ensuring customer data is protected throughout the AI pipeline from ingestion through inference. Vulnerability management - Build and run Fieldguide’s vulnerability management program: scanning, triage, SLA-driven remediation tracking, and engineering coordination. - Ensure visibility into vulnerability posture across application code, dependencies, and infrastructure. - Manage external penetration testing engagements, bug bounty programs, and coordinate remediation of findings. Infrastructure security - Partner with infrastructure engineering to review and improve cloud security ... (truncated, view full listing at source)