Security Engineer

ABOUT THE ROLE

You’ll work on security across a platform that processes large volumes of sensitive data, including AI training pipelines, expert payments, and enterprise integrations. This is a hands-on engineering role focused on building and improving the systems that keep Mercor secure.

We use AI heavily in our own security work. You should be comfortable building alongside AI code-gen tools, using LLMs to accelerate threat analysis, and automating away the repetitive work that slows security teams down. If you're the kind of engineer who writes a script instead of filing a ticket, you'll fit in here.

We're in-person five days a week at our SF headquarters, with first Fridays remote.

WHAT YOU'LL BUILD:

- Detection and response pipelines that catch real threats, not checkbox alerts

- Security automation that replaces manual processes - if you're doing something twice, automate it

- Infrastructure hardening across AWS, Kubernetes, and our production environment

- Identity and access controls for a platform serving 300K+ experts and enterprise clients

- Application security tooling integrated into CI/CD - shifting security left without slowing down deploys

- Incident response runbooks and tooling - when something breaks, you'll own the fix end-to-end

WHAT WE'RE LOOKING FOR

- You've built security tooling or automation in a previous role - not just operated existing tools

- Strong in Python, Go, or TypeScript - you ship code, not slide decks

- Experience hardening cloud infrastructure (AWS preferred) - VPCs, IAM, container security

- You understand application security at the code level - can review a PR for auth bugs, not just run a scanner

- Comfortable with detection engineering - writing rules, tuning alerts, reducing noise

- You've done incident response and know what it means to be on-call when things break

- 5+ years of professional experience in security engineering, software engineering, or a related builder role

BONUS P...