Security Engineer (Remote) at Permitflow

PermitFlow is redefining how America builds. We’re an applied AI company serving the nation’s builders, tackling one of the largest information challenges in the economy: understanding what can be built, where, and how. Our AI agent workforce helps the fastest-growing construction companies navigate everything from permitting and licensing to inspections and project closeouts – accelerating housing, clean-energy, and infrastructure development across the country. Despite being a $1.6T industry, construction still suffers from massive delays, wasted capital, and lost opportunity. PermitFlow has already delivered unprecedented speed, accuracy, and visibility to over $20B in development, helping contractors reduce compliance time, de-risk projects, and scale with confidence. America is entering a CAPEX super-cycle, from data centers and factories to housing and renewables, and joining PermitFlow is building the AI at the heart of every construction project powering the next wave of re-industrialization. We’ve raised over $90M, most recently completing our Series B, [Upgrade to PRO to see link] from top-tier investors including Accel, Kleiner Perkins [Upgrade to PRO to see link] Initialized, Y Combinator, Felicis, and Altos Ventures, with backing from leaders at OpenAI, Google, Procore, ServiceTitan, Zillow, PlanGrid, and Uber. ROLE OVERVIEW As a Security Engineer, you’ll join our growing platform team in building, scaling, and fine-tuning the systems that keep our platform secure and compliant. You’ll help architect the security backbone of our platform, focusing on compliance, risk reduction, security automation, and continuous improvement. While your primary responsibility will be security and governance, coding and problem-solving across the stack are core parts of the role. As a fast-growing startup, we all roll up our sleeves where needed, so flexibility and a collaborative, security-first mindset are key. WHAT YOU'LL DO - Architect, design, and implement secure, compliant, scalable, and cost-efficient infrastructure solutions to protect a rapidly growing product. - Lead the execution and maintenance of our SOC2 compliance program and other security-related certifications. - Design, implement, and audit Role-Based Access Controls (RBAC), Identity and Access Management (IAM), and secrets management systems. - Design and implement security best practices for backend, frontend services, APIs, and data pipelines. - Own security features end-to-end, from architecture and implementation to testing and production deployment. - Develop and maintain security automation, Infrastructure as Code, and secure CI/CD pipelines. - Implement and manage security monitoring, threat detection, and vulnerability management across our cloud infrastructure. - Establish and enforce security best practices for authentication, authorization, logging, and alerting. - Lead and participate in incident response, troubleshooting complex security issues and driving postmortem learning and improvements. - Collaborate across engineering teams to embed security into the software development lifecycle and balance compliance, velocity, and cost. WHAT WE'RE LOOKING FOR - 5+ years of experience in Security Engineering, AppSec, GRC, or similar roles. - Proven experience designing and implementing security controls for SOC2, ISO 27001, or similar compliance frameworks. - Deep expertise in Role-Based Access Controls (RBAC), Identity and Access Management (IAM), and secrets management. - Strong experience with container security and orchestration (Docker, ECS, Kubernetes a plus). - Expertise with secure CI/CD pipelines and modern security automation tools. - Coding and scripting proficiency (TypeScript, Python, Go, Bash, etc.). - Hands-on experience with cloud security (GCP preferred) and securing distributed systems. - Familiarity with monitoring, observability, and incident management best practices. - Comfortable working in a fast-paced, compliance-focused startup environment, where adaptability and security ownership are essential. WHAT WE OFFER - Competitive salary and meaningful equity in a high-growth company - Comprehensive medical, dental, and vision coverage - Flexible PTO and paid family leave - Home office & equipment stipend - Hybrid NYC office culture (3 days in-office/week) with direct access to leadership - In-Office Lunch & Dinner Provided PermitFlow provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, sex, national origin, age, disability, genetics, sexual orientation, gender identity, gender expression, or family status, as protected by applicable law. We are committed to a diverse and inclusive workforce and welcome people from all backgrounds, experiences, perspectives, and abilities. All employment decisions are based on merit, qualifications, and business needs.