Whop is the ultimate virtual market that lets people earn money by starting shops and creating content. We deliver $2.5B per year in income to people across the globe and have more than 5M monthly users.
Whop is hiring our first dedicated security hire. You will work closely with our CTO to uplevel the team’s security posture.
This role is responsible for owning all security outcomes: infrastructure, compliance, external programs, and internal security. You'll drive execution and hold an extremely high bar for our security posture. We are looking for someone highly technical – an engineer first. The ideal candidate is a backend/infra engineer who evolved into security — you owned security at a startup because no one else would.
We're mid-SOC2 with a handful of vendors supporting our IT and Security. You'll inherit these relationships and make them yours, and work across every internal team to drive execution. You'll work closely with the CTO, head of legal, chief of staff, and head of ops.
This is a hands-on role. We are looking for a technical individual contributor to independently build these programs from scratch.
Scope:
Within 30 days, you’ve mapped how access, data, money, and production systems actually work at Whop. Incident detection is materially improved through stronger logging and monitoring, with clear signals for suspicious access and misuse. You’ve established clean ownership and escalation for security incidents, tightened obvious risk boundaries, and taken ownership of all security-relevant systems and vendors without broadcasting internal gaps.
Within 60 days, security fundamentals are standardized and enforced through engineering systems, not policy alone. Identity, access, secrets, devices, production access, and financial systems operate on least-privilege defaults with strong auditability and fast revocation. Guardrails are embedded into workflows so engineers and operators naturally do the safe thing. SOC 2 is in final stages as a consequence of these systems being in place and actively used.
Within 90 days, Whop’s security posture is durable under real-world pressure. External security programs are live, incidents are detected early and handled predictably, and critical systems are resilient to abuse, compromise, and traffic spikes. Sensitive data is controlled and minimized by default. Employees can safely use modern tools, including AI, without creating hidden risk. SOC 2 is complete, policies are followed in practice, and security runs autonomously day-to-day with minimal CTO involvement.
✅ Minimum cash comp of $250,000K + a competitive equity package
❤️ Unlimited PTO, with full health, vision, dental coverage
🍕 Lunch & dinner paid for Monday thru Friday
💻 3k ramp card to get you the latest MacBook Pro & tech accessories
This role is a Security Lead Engineer who will report to the CTO.