Build detection and response pipelines, automate security processes, and harden infrastructure while using AI tools in a fast-paced startup environment.
You'll be the first security engineer at a company processing millions of sensitive data points across AI training pipelines, expert payments, and enterprise integrations. This is not a monitoring role. You'll build the systems that keep Mercor secure - writing detection logic, automating response workflows, hardening infrastructure, and shipping security tooling that scales with a company growing faster than most teams can keep up with.
We use AI heavily in our own security work. You should be comfortable building alongside AI code-gen tools, using LLMs to accelerate threat analysis, and automating away the repetitive work that slows security teams down. If you're the kind of engineer who writes a script instead of filing a ticket, you'll fit in here.
We're in-person five days a week at our SF headquarters, with first Fridays remote.
Detection and response pipelines that catch real threats, not checkbox alerts
Security automation that replaces manual processes - if you're doing something twice, automate it
Infrastructure hardening across AWS, Kubernetes, and our production environment
Identity and access controls for a platform serving 300K+ experts and enterprise clients
Application security tooling integrated into CI/CD - shifting security left without slowing down deploys
Incident response runbooks and tooling - when something breaks, you'll own the fix end-to-end
You've built security tooling or automation in a previous role - not just operated existing tools
Strong in Python, Go, or TypeScript - you ship code, not slide decks
Experience hardening cloud infrastructure (AWS preferred) - VPCs, IAM, container security
You understand application security at the code level - can review a PR for auth bugs, not just run a scanner
Comfortable with detection engineering - writing rules, tuning alerts, reducing noise
You've done incident response and know what it means to be on-call when things break
5+ years of professional experience in security engineering, software engineering, or a related builder role
Experience at a high-growth startup or fast-moving engineering org
Familiarity with AI/ML security - model access controls, training data protection, prompt injection
Offensive security skills - pen testing, bug bounty, red team experience
Contributions to open source security tools
You've built something from scratch that a team still uses
Build, don't babysit. We automate the boring stuff. You'll spend your time building systems, not reviewing access requests.
AI-native security. You'll use frontier AI tools daily - for code review, threat analysis, detection writing, and anything that benefits from an AI co-pilot.
Ownership from day one. Small team, massive surface area. You'll own entire security domains, not a single dashboard.
See the future early. Working alongside AI labs means you'll understand frontier model capabilities months before the market.
Mercor builds an AI-powered platform that connects human expertise with AI development, streamlining the hiring process while sourcing and vetting talent. We're dedicated to partnering with AI labs and enterprises, leveraging a vast network of over 30,000 experts who contribute valuable knowledge to train advanced AI models. Our unique approach creates a new category of work where human intelligence drives the future of AI innovation.
Please mention you found this job on AI Jobs. It helps us get more startups to hire on our site. Thanks and good luck!
Understand the required skills and qualifications, anticipate the questions you may be asked, and study well-prepared answers using our sample responses.
Security Engineer Q&A's