Mercor

Security Engineer

San Francisco March 7, 2026 Full Time

About the Role

You'll be the first security engineer at a company processing millions of sensitive data points across AI training pipelines, expert payments, and enterprise integrations. This is not a monitoring role. You'll build the systems that keep Mercor secure - writing detection logic, automating response workflows, hardening infrastructure, and shipping security tooling that scales with a company growing faster than most teams can keep up with.

We use AI heavily in our own security work. You should be comfortable building alongside AI code-gen tools, using LLMs to accelerate threat analysis, and automating away the repetitive work that slows security teams down. If you're the kind of engineer who writes a script instead of filing a ticket, you'll fit in here.

We're in-person five days a week at our SF headquarters, with first Fridays remote.

What You'll Build:

  • Detection and response pipelines that catch real threats, not checkbox alerts

  • Security automation that replaces manual processes - if you're doing something twice, automate it

  • Infrastructure hardening across AWS, Kubernetes, and our production environment

  • Identity and access controls for a platform serving 300K+ experts and enterprise clients

  • Application security tooling integrated into CI/CD - shifting security left without slowing down deploys

  • Incident response runbooks and tooling - when something breaks, you'll own the fix end-to-end

What We're Looking For

  • You've built security tooling or automation in a previous role - not just operated existing tools

  • Strong in Python, Go, or TypeScript - you ship code, not slide decks

  • Experience hardening cloud infrastructure (AWS preferred) - VPCs, IAM, container security

  • You understand application security at the code level - can review a PR for auth bugs, not just run a scanner

  • Comfortable with detection engineering - writing rules, tuning alerts, reducing noise

  • You've done incident response and know what it means to be on-call when things break

  • 5+ years of professional experience in security engineering, software engineering, or a related builder role

Bonus Points

  • Experience at a high-growth startup or fast-moving engineering org

  • Familiarity with AI/ML security - model access controls, training data protection, prompt injection

  • Offensive security skills - pen testing, bug bounty, red team experience

  • Contributions to open source security tools

  • You've built something from scratch that a team still uses

Why Mercor

  • Build, don't babysit. We automate the boring stuff. You'll spend your time building systems, not reviewing access requests.

  • AI-native security. You'll use frontier AI tools daily - for code review, threat analysis, detection writing, and anything that benefits from an AI co-pilot.

  • Ownership from day one. Small team, massive surface area. You'll own entire security domains, not a single dashboard.

  • See the future early. Working alongside AI labs means you'll understand frontier model capabilities months before the market.

Apply on company site

How well do you match this role?

Check My Resume