About Us
Fieldguide is establishing a new state of trust for global commerce and capital markets through automating and streamlining the work of assurance and audit practitioners, specifically within cybersecurity, privacy, and financial audit. Put simply, we build software for the people who enable trust between businesses.
We're based in San Francisco, CA, but built as a remote-first company that enables you to do your best work from anywhere. We're backed by top investors including Growth Equity at Goldman Sachs Alternatives, Bessemer Venture Partners, 8VC, Floodgate, Y Combinator, DNX Ventures, Global Founders Capital, Justin Kan, Elad Gil, and more.
We value diversity in backgrounds and in experiences. We need people from all backgrounds and walks of life to help build the future of audit and advisory. Fieldguide's team is inclusive, driven, humble, and supportive. We are deliberate and self-reflective about the kind of team and culture that we are building, seeking teammates that are not only strong in their own aptitudes but care deeply about supporting each other's growth.
As an early stage start-up employee, you'll have the opportunity to build out the future of business trust. We make audit practitioners' lives easier by bringing together up to 50% of their work and giving them better work-life balance. If you share our values and enthusiasm for building a great culture and product, you will find a home at Fieldguide.
About the Role
Fieldguide is a Vertical AI company building Agents for the most complex workflows in audit. We partner with ambitious enterprise customers including over 50 of the 100 largest accounting firms and operate in a $100B market undergoing rapid transformation.
We're looking for a Lead Security Engineer to build and own Fieldguide's information security program. This role reports directly to our CTO, takes ownership of the technical security function, and builds it into something that scales with the business.
Your primary focus is on securing code, APIs, and product architecture our customers depend on. You'll also bring working knowledge of infrastructure and cloud security. Your superpower should be embedding security into how software gets designed, built, and shipped. You'll partner closely with Engineering, Product, and Compliance to ensure security is foundational to everything we do.
What You'll Own
Application security and secure development
Lead secure design reviews, threat modeling, and security-focused code reviews across the product and platform.
Ensure security is ingrained into the SDLC so that the secure path is the easy path for engineers, with secure-by-default libraries, patterns, and guardrails.
Own authentication, authorization, API security, and data protection architecture for a multi-tenant SaaS platform.
Architect and maintain security tooling integrated into CI/CD pipelines: static analysis, dependency scanning, secrets detection.
AI security
Evaluate and mitigate risks specific to Fieldguide's AI Agents: prompt injection, data leakage through LLM contexts, unauthorized tool use, and unintended agent behaviors.
Partner with Agent and Platform teams to define security boundaries for agent execution: sandboxing, least-privilege tool access, and runtime policy enforcement.
Contribute to Fieldguide's approach to responsible AI, ensuring customer data is protected throughout the AI pipeline, from ingestion through inference.
Vulnerability management
Build and run Fieldguide's vulnerability management program: scanning, triage, SLA-driven remediation tracking, and engineering coordination.
Ensure visibility into vulnerability posture across application code, dependencies, and infrastructure.
Manage external penetration testing engagements and bug bounty programs, and coordinate remediation of findings.
Infrastructure security
Partner with infrastructure engineering to review and improve cloud security across our AWS environment: IAM, network architecture, secrets management, and logging.
You don't need to be an AWS infrastructure expert, but you should be comfortable identifying risks and recommending improvements.
Ensure detection and monitoring capabilities are in place for security-relevant events via SIEM.
Security operations
Establish runbooks, communication protocols, and post-incident review practices in coordination with a 24/7 MDR team.
Collaborate with engineers on incident response processes and playbooks.
Cross-functional leadership and customer trust
Partner with Compliance to ensure technical controls satisfy framework requirements (SOC 2, ISO 27001, ISO 42001, FedRAMP).
Help GTM teams articulate Fieldguide's security posture to enterprise customers.
Start as an individual contributor, but as the security program matures, hire and mentor security engineers. Set the culture and standards for how security operates at Fieldguide.
What Success Looks Like
Security is embedded in the development lifecycle. EPD team members engage with security early and often, not as a gate at the end.
The security function uses AI and automation aggressively to punch above its weight. Manual toil is minimized and the team's leverage grows faster than its headcount.
Fieldguide has a clear, measurable vulnerability management posture with SLAs that engineering consistently meets.
Enterprise customers and auditors see a mature, well-articulated security program that builds confidence and accelerates deals.
The security function scales through automation, tooling, and clear ownership rather than heroics.
Who You Are
AppSec-first mindset: Your core strength is application security. You think about auth flows, data isolation, injection vectors, and API boundaries instinctively. You've found and fixed real vulnerabilities in production systems.
AI-native instincts: You have a practical thesis on using LLMs, agents, and automation to multiply the security team's impact. You're excited to use AI for tasks like automated code review, triage, vulnerability prioritization, security questionnaire drafting, and pattern detection so the security function scales through leverage, not just headcount.
Engineer who does security: You write code, read code, and think about security through an engineering lens. You're comfortable contributing to production systems in Python and TypeScript when needed.
Pragmatic risk thinker: You can look at a system design and quickly identify where the risks are, then prioritize based on actual impact rather than theoretical severity.
Strong communicator: You translate security risks into business terms, influence engineering teams without direct authority, and present to enterprise customers with confidence.
Comfortable with ambiguity: You're owning a lot at a growth-stage company and will not have playbooks for everything. You're energized by that.
Experience
8 years in security with a primary background in application security, product security, or security-focused software engineering.
Track record of building or significantly maturing a security program, ideally at a growth-stage SaaS company.
Strong programming skills with demonstrated experience writing production software.
Familiarity with AWS security services and patterns: IAM, VPC, CloudTrail, KMS. You can identify misconfigurations and security gaps even if you're not the one writing Terraform.
Experience with threat modeling methodologies and secure design review processes.
Experience managing external penetration tests and coordinating remediation.
Familiarity with AI/LLM security considerations and emerging risks in agentic AI systems is a plus.
Experience supporting compliance frameworks (SOC 2, ISO 27001, NIST, FedRAMP) from the technical controls side is a plus.
More about Fieldguide
Fieldguide is a values-based company. Our values are:
Fearless - Inspire & break down seemingly impossible walls.
Fast - Launch fast with excellence, iterate to perfection.
Lovable - Deliver happiness & 11 star experiences.
Owners - Execute & run the business with ownership.
Win-win - Create mutual value & earn trust for life.
Inclusive - Scale the best ideas with inclusive teams.
Some of our benefits include
Competitive compensation packages with meaningful ownership
Flexible PTO
401k
Wellness benefits
Technology & Work from Home reimbursement
Flexible work schedules
Required Experience:
IC
The Fieldguide AI Platform for Advisory & Audit provides an engagement automation platform for advisory and audit firms to save time, increase margins, and improve client satisfaction.