Security Lead

Whop

full-time

Posted on: 1/20/2026

Location Type: Remote

✨ AI Apply

About the role

own all security outcomes: infrastructure, compliance, external programs, and internal security
drive execution and hold an extremely high bar for our security posture
hands-on role, independently build these programs from scratch
own SOC2 and data privacy compliance (audits, GDPR, CCPA)
own infrastructure security (AWS, Vercel, Cloudflare, PlanetScale - secrets, access controls, monitoring)
own security incident response (detection, triage, remediation, post-mortems)
own external security programs (bug bounty, pen tests, threat monitoring)
own internal security (IT vendor, device security, office security, training)
first line of escalation for all security issues

Highly technical — understands backend systems, infra, APIs, how things break. Can actually fix issues, not just identify them
Extremely organized, high attention to detail
High agency, scrappy, and urgent
Extremely clear communicator - written and verbal
Paranoid in the right way - thinks like an attacker to protect us
Willing to push back, but trusted enough that people listen
Highly available and responsive
Always learning, loves to teach
Builds systems that make you redundant over time
5+ years in security, has owned a program before
Low-ego - cares about outcomes, not credit
Uses modern tools (AI agents), and stays current on threat landscape
Constantly monitors and adjusts what you ship
Series A/B or high-growth startup experience preferred

Benefits

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools

security complianceinfrastructure securitySOC2GDPRCCPAsecurity incident responsebug bountypenetration testingthreat monitoringbackend systems

Soft Skills

high attention to detailclear communicatorhigh agencyscrappyurgentparanoid thinkingtrustworthinesshigh availabilitywillingness to teachlow ego