Security Engineer

HeyGen

$120K — $160K *
Information Technology
Less than 5 years of experience
Job Overview by Ladders

Qualifications

  • Strong software engineering background with hands-on Python and AWS experience.
  • Demonstrated experience in securing cloud infrastructure and applications, including vulnerability management.
  • Familiarity with GRC frameworks and compliance programs, such as SOC 2 and ISO 27001.
  • Excellent communication skills for translating technical concepts across teams and compliance stakeholders.
  • Comfortable managing priorities in a fast-paced, ambiguous environment.
  • Experience with modern security tooling is an advantage.

Responsibilities

  • Partner with engineering teams to write code and build secure application features from the ground up.
  • Design and implement automated fraud detection systems to mitigate platform abuse and fraud.
  • Own strategy and execution for hardening AWS/Python infrastructure and manage vulnerability programs.
  • Serve as the point person for AI security, ensuring safe deployment of AI products.
  • Oversee SOC 2 compliance operations and roadmap future certifications as the business scales.
  • Provide oversight for platform abuse and IT security incidents.

Benefits

  • Opportunity to solve unique security challenges at a rapidly growing SaaS company.
  • A security philosophy focused on enabling fast-paced engineering rather than hindering it.
  • Access to mature security tooling from the start, enhancing productivity.
  • Autonomy to influence and shape the security roadmap within a small, impactful team.
Full Job Description
Position Summary

As a Security Engineer at HeyGen, you will own the security posture of one of the fastest-growing AI companies in the world. You will partner directly with engineering teams to ship secure features, harden our cloud infrastructure, and build the compliance and trust programs that unlock enterprise deals. This is a high-impact, high-autonomy role for an engineer who thinks in threat models and ships code.

Key Responsibilities
  • Product & Infrastructure Security: Partner with engineering teams as an embedded security expert - writing code, reviewing architectures, and building secure application features and infrastructure components from the ground up.
  • Fraud Detection & Remediation: Design and implement automated fraud detection systems to mitigate platform abuse, credential stuffing, and payment fraud. Partner with product and engineering to build real-time monitoring and rapid-response remediation workflows.
  • Cloud & Vulnerability Management: Own the strategy and execution for hardening our AWS/Python infrastructure. Build and run a robust vulnerability management program, including network security, cloud configuration, and remediation workflows.
  • AI Security: Serve as HeyGen's point person for AI and agentic system security. As we scale our agentic coding and AI agent products, you will ensure these rollouts are designed and deployed with strong security controls.
  • GRC & Compliance: Oversee our SOC 2 compliance operations (currently managed via Drata) and annual audit cycles. Evaluate and roadmap future certifications, including ISO 27001, as the business scales.
  • Trust & Safety Oversight: Provide high-level oversight for platform abuse and content moderation (in partnership with growth and avatar teams), and serve as the escalation point for IT security incidents.

Qualifications
  • Strong software engineering background with hands-on Python and AWS experience; you write code, not just policies.
  • Demonstrated experience securing cloud infrastructure and applications - vulnerability management, network security, IAM, and secrets management.
  • Familiarity with GRC frameworks and compliance programs (SOC 2, ISO 27001, or equivalent).
  • Excellent communication skills: able to translate threat models for engineers, compliance requirements for auditors, and security architecture for enterprise CISOs.
  • Comfortable with ambiguity and rapid scale; you prioritize ruthlessly and know when to build vs. buy.
  • Experience with modern security tooling is a plus (Drata, Infisical, Bugcrowd, or equivalents).

Why HeyGen:
  • Massive Scale, Unique Problems: We are protecting user identity at one of the fastest growth rates in SaaS history. The security engineering challenges here are genuinely novel.
  • Speed with Guardrails: Our security philosophy is not about saying "no." It is about building guardrails that let the engineering team ship fast without introducing unacceptable risk.
  • Mature Tooling from Day One: We already run Drata for GRC, Infisical for secrets management, and a private bug bounty program via Bugcrowd. You are not starting from zero.
  • Autonomy and Ownership: You will have the visibility and resources to shape HeyGen's entire security roadmap. Small team, big mandate.

Similar Jobs

More Jobs at HeyGen

More Information Technology Jobs

Find similar Security Engineer jobs: