Whop

Security Lead

Whop

full-time

Posted on:

Location Type: Remote

Location: CaliforniaNew YorkUnited States

Visit company website

Explore more

AI Apply
Apply

Job Level

Tech Stack

About the role

  • own all security outcomes: infrastructure, compliance, external programs, and internal security
  • drive execution and hold an extremely high bar for our security posture
  • hands-on role, independently build these programs from scratch
  • own SOC2 and data privacy compliance (audits, GDPR, CCPA)
  • own infrastructure security (AWS, Vercel, Cloudflare, PlanetScale - secrets, access controls, monitoring)
  • own security incident response (detection, triage, remediation, post-mortems)
  • own external security programs (bug bounty, pen tests, threat monitoring)
  • own internal security (IT vendor, device security, office security, training)
  • first line of escalation for all security issues

Requirements

  • Highly technical — understands backend systems, infra, APIs, how things break. Can actually fix issues, not just identify them
  • Extremely organized, high attention to detail
  • High agency, scrappy, and urgent
  • Extremely clear communicator - written and verbal
  • Paranoid in the right way - thinks like an attacker to protect us
  • Willing to push back, but trusted enough that people listen
  • Highly available and responsive
  • Always learning, loves to teach
  • Builds systems that make you redundant over time
  • 5+ years in security, has owned a program before
  • Low-ego - cares about outcomes, not credit
  • Uses modern tools (AI agents), and stays current on threat landscape
  • Constantly monitors and adjusts what you ship
  • Series A/B or high-growth startup experience preferred
Benefits
  • Health insurance
  • 401(k) matching
  • Flexible work hours
  • Paid time off
  • Remote work options
Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools
security complianceinfrastructure securitySOC2GDPRCCPAsecurity incident responsebug bountypenetration testingthreat monitoringbackend systems
Soft Skills
high attention to detailclear communicatorhigh agencyscrappyurgentparanoid thinkingtrustworthinesshigh availabilitywillingness to teachlow ego