Lead Security Engineer

Role As the Lead Security Engineer at Samaya, you will build the security foundation that enables us to win and retain the world's most security-conscious financial institutions as customers. We run Python and Kubernetes workloads on GCP that process sensitive financial data at scale — and this is our first dedicated security hire. You'll own everything: building controls, running compliance programs, and representing security externally to enterprise customers. Security Infrastructure: You will design and implement cloud security controls across our GCP environment — including IAM, KMS/CMEK, DLP, network controls, single-tenant isolation, secrets management, and audit logging. You'll own our security operations stack (SIEM, endpoint, alerting) and vulnerability management program, ensuring our platform meets the standards of the most demanding financial institutions in the world. Compliance Ownership: You will own our end-to-end compliance programs — SOC 2 Type II, ISO 27001, and what comes next — including evidence collection, auditor management, and our compliance tooling stack. You'll turn compliance findings into engineering work and customer-facing artifacts, maintaining policies and governance docs aligned with standards and regulators. Customer Trust: You will be Samaya's security face to enterprise customers. You'll support sales and customer success in security conversations with bank and hedge fund InfoSec teams, build scalable processes to handle DDQs and security questionnaires, and translate technical controls into business language that builds trust. In this role, you will be the sole security owner at a high-growth Series A company — and will have a clear path to building a small security team as Samaya scales. Responsibilities Build and operate security controls across GCP: cloud security posture, DLP, KMS/CMEK, secrets management, single-tenant isolation, IAM, network controls, and audit logging Own incident response playbooks, tabletop drills, and cross-team coordination during security incidents Run vulnerability management, including scanners and red-team-style assessments Define and enforce access controls to production systems, internal tools, and SaaS applications; own the security ops stack (SIEM, endpoint, alerting) Own end-to-end compliance: SOC 2 Type II, ISO 27001, and what comes next — including evidence collection, auditor management, and compliance tooling Turn compliance findings into engineering work and customer-facing artifacts; maintain policies, governance docs, and alignment with standards and regulators Support sales and customer success in security reviews with enterprise InfoSec teams; build processes to handle DDQs and security questionnaires at scale Experience Required 6+ years in security engineering, with at least one stint as the primary security owner at a startup or small company Proven SOC 2 Type II and/or ISO 27001 delivery — ran the program end-to-end, not just supported a consultant Hands-on GCP or AWS experience: IAM, KMS, CMEK, VPC, Security Command Center Terraform and IaC fluency — can write and review real infrastructure code, not just review it conceptually Comfortable representing security externally to customers, auditors, or regulators Preferred Experience in financial services or similarly regulated industries Background supporting enterprise security reviews or sales cycles Familiarity with security ops tooling: SIEM, EDR/endpoint management, vulnerability scanners, DLP Enough Kubernetes and Python experience to work directly with engineering on controls Experience with compliance tooling such as Vanta, Drata, or similar Compensation The cash compensation range for this role is $220,000 – $260,000. Final offer amounts are determined by multiple factors, including experience and expertise, and may vary from the amounts listed above. In addition to the base salary, we may consider equity as part of our total compensation package. B ... (truncated, view full listing at source)