LoopSmart is a technology research and development company. We build advanced software, AI systems, and infrastructure that power our partners' products. We focus on creating tangible technology solutions that solve complex problems at scale.

We are seeking a Security Engineer to help keep our systems safe without slowing delivery. In this role, you will focus on pragmatic controls for product and cloud systems: access boundaries, threat modeling, and security-by-design practices. You will work with engineering to identify real risks early and design controls that fit the system, prioritizing clear documentation over checkbox compliance.

You will be responsible for the security posture of our assets: from designing the IAM policies that protect our data to defining the secure SDLC practices that prevent vulnerabilities. You will act as an enabler, providing the tools and guidance that make it easy for engineers to do the right thing.

Key Job Responsibilities

• Design and review IAM boundaries (least privilege, role separation, and access lifecycle).
• Partner on architecture reviews and threat models for new systems and integrations.
• Define secure SDLC practices: code scanning where helpful, dependency hygiene, and secure review patterns.
• Improve detection and incident readiness (logging, alerts, runbooks, post-incident learning).
• Write clear internal guidance: what the control is, why it exists, and how to operate it.
• Collaborate with teams to implement security controls without blocking progress.

A day in the life

Your day might start by reviewing the IAM policies for a new service, suggesting a more restrictive set of permissions to adhere to least privilege. Later, you lead a threat modeling session for a new feature, helping the team identify potential attack vectors and design mitigations. In the afternoon, you investigate a suspicious log entry, determining it was a false positive but updating the alert logic to reduce noise. You wrap up by writing a guide on how to securely manage secrets in our development environment, sharing it with the engineering team.

About the team

You will join a small, high-density team of researchers and engineers who value shipping over hype. We operate like a lab: we form hypotheses, run experiments, and document results. We are not a feature factory; we are an asset factory. We value clear writing, intellectual honesty, and the discipline to finish what we start. We work asynchronously and respect deep work time.

Basic Qualifications

• 3+ years of pragmatic security engineering experience across product and/or cloud systems.
• Comfort with identity concepts (authentication, authorization, role design) and cloud fundamentals.
• Ability to communicate trade-offs and to propose simple, effective controls.
• Strong documentation habits.
• Bachelor's degree in Computer Science or equivalent practical experience.

Preferred Qualifications

• Experience with AWS security tooling and common patterns (KMS, secrets managers, network segmentation).
• Experience building secure logging pipelines and audit-friendly control narratives.
• Experience enabling teams (training, templates, guardrails) rather than acting as a gate.
• Relevant security certifications (e.g., AWS Certified Security - Specialty).