Lead Security Engineer
Job Description
Role
As the Lead Security Engineer at Samaya, you will build the security foundation that enables us to win and retain the world's most security-conscious financial institutions as customers. We run Python and Kubernetes workloads on GCP that process sensitive financial data at scale — and this is our first dedicated security hire. You'll own everything: building controls, running compliance programs, and representing security externally to enterprise customers.
Security Infrastructure: You will design and implement cloud security controls across our GCP environment — including IAM, KMS/CMEK, DLP, network controls, single-tenant isolation, secrets management, and audit logging. You'll own our security operations stack (SIEM, endpoint, alerting) and vulnerability management program, ensuring our platform meets the standards of the most demanding financial institutions in the world.
Compliance Ownership: You will own our end-to-end compliance programs — SOC 2 Type II, ISO 27001, and what comes next — including evidence collection, auditor management, and our compliance tooling stack. You'll turn compliance findings into engineering work and customer-facing artifacts, maintaining policies and governance docs aligned with standards and regulators.
Customer Trust: You will be Samaya's security face to enterprise customers. You'll support sales and customer success in security conversations with bank and hedge fund InfoSec teams, build scalable processes to handle DDQs and security questionnaires, and translate technical controls into business language that builds trust.
In this role, you will be the sole security owner at a high-growth Series A company — and will have a clear path to building a small security team as Samaya scales.
Responsibilities
- Build and operate security controls across GCP: cloud security posture, DLP, KMS/CMEK, secrets management, single-tenant isolation, IAM, network controls, and audit logging
- Own incident response playbooks, tabletop drills, and cross-team coordination during security incidents
- Run vulnerability management, including scanners and red-team-style assessments
- Define and enforce access controls to production systems, internal tools, and SaaS applications; own the security ops stack (SIEM, endpoint, alerting)
- Own end-to-end compliance: SOC 2 Type II, ISO 27001, and what comes next — including evidence collection, auditor management, and compliance tooling
- Turn compliance findings into engineering work and customer-facing artifacts; maintain policies, governance docs, and alignment with standards and regulators
- Support sales and customer success in security reviews with enterprise InfoSec teams; build processes to handle DDQs and security questionnaires at scale
Experience
Required
- 6+ years in security engineering, with at least one stint as the primary security owner at a startup or small company
- Proven SOC 2 Type II and/or ISO 27001 delivery — ran the program end-to-end, not just supported a consultant
- Hands-on GCP or AWS experience: IAM, KMS, CMEK, VPC, Security Command Center
- Terraform and IaC fluency — can write and review real infrastructure code, not just review it conceptually
- Comfortable representing security externally to customers, auditors, or regulators
Preferred
- Experience in financial services or similarly regulated industries
- Background supporting enterprise security reviews or sales cycles
- Familiarity with security ops tooling: SIEM, EDR/endpoint management, vulnerability scanners, DLP
- Enough Kubernetes and Python experience to work directly with engineering on controls
- Experience with compliance tooling such as Vanta, Drata, or similar
Compensation
The cash compensation range for this role is $220,000 – $260,000.
Final offer amounts are determined by multiple factors, including experience and expertise, and may vary from the amounts listed above.
In addition to the base salary, we may consider equity as part of our total compensation package.
Benefits
Health: Access comprehensive health insurance, including medical, dental, vision, flexible spending account (FSA), and short-term disability.
Wealth: Support for your long-term financial wellbeing with a 401(k) and pre-tax benefits (e.g. commuting).
Rest: Enjoy flexibility to rest and recharge as needed, with unlimited PTO (Paid Time Off).
Flexibility: Work flexibly with a hybrid setup — typically team members spend a minimum of three days in the office per week.
Travel: Grow and connect with a travel budget that encourages conference attendance, customer visits, and team gatherings.
Equipment: Create your ideal workspace with an office equipment allowance to set up what works best for you.
Inclusive Hiring
Interview Accommodations: We are committed to ensuring an equitable selection process for everyone and welcome applicants from varied backgrounds to enrich our team. If you require accommodations or adjustments during our recruitment process, please inform us.
Equal Opportunity Employer: We do not discriminate on the basis of race, color, religion, sex (including pregnancy and gender identity), national origin, political affiliation, sexual orientation, marital status, disability, genetic information, age, membership in an employee organization, retaliation, parental status, military service, or other non-merit factor.
Visa Sponsorship: We do sponsor visas! However, we aren't able to successfully sponsor visas for every role and every candidate. If we make you an offer, we will make every reasonable effort to get you a visa, and we retain an immigration lawyer to help with this.
About Samaya
Samaya builds Expert AI Agents that turn information from the global financial market into investment conviction.
The global financial market is the largest and most valuable information ecosystem in the world, connecting billions of people, influencing every type of productive human activity, and driving tens of trillions of dollars of value. At its core is investment decision-making: identifying areas of productive activity and allocating resources, work carried out by millions of people across the globe.
But that process is at a breaking point. The past two decades have brought an exponential increase in market complexity: more information sources, more asset types, more disruptive themes like AI reshaping every corner of the market. For investors, this means exponentially more depth, breadth, and speed required on every decision.
The response is a forced tradeoff: zoom in on a sector or basket of companies and manage the flood, but lose sight of adjacent dynamics that move markets. Or zoom out to track broad themes, but lose the needle-in-a-haystack details that drive precise decisions. No market sector evolves in isolation, and this lack of a simultaneously zoomed-in and zoomed-out picture costs hundreds of billions in missed or suboptimal investment decisions every year.
Samaya was founded to reimagine investment decision-making across the global financial market. General-purpose AI can’t reason about cause and effect across complex economic systems, embed firm-specific context, or execute reliably over long-horizon workflows. We built something different: a purpose-built AI system combining proprietary financial reasoning models, a long-horizon execution engine with persistent memory, and full auditability. Built by a team from Google DeepMind, Meta, Microsoft, and Stanford with 100+ papers and 50k+ citations, it achieves 98% accuracy on financial reasoning tasks where generic LLMs reach 53%. The result is AI that learns how each investor thinks and seamlessly takes them from information to conviction.
Our user base has scaled to 10,000+, with partnerships spanning top financial institutions worldwide, including Morgan Stanley. We’re backed by $43.5M in Series A funding led by NEA, with investors including Eric Schmidt, NVIDIA, Databricks, Yann LeCun, Jeff Dean, Marty Chavez, and Mark Cuban.
Our Operating Principles
- Put Users first. Our users rely on us to do their jobs. We exist because our users trust us to help them achieve their goals. In return for the trust users place in us, we keep their needs as our top priority.
- Win as a collective. We are high achievers with a drive to succeed. We build strong bonds over this shared drive. We dive in to help when one of us needs it. We’re kind to each other and boost each other to succeed and grow professionally and personally. We build trust with each other by making commitments and consistently delivering on them. This trust means we genuinely support each other, embracing feedback as a tool for growth and improvement. We win by operating this way, as one team.
- Focus and iterate quickly. Bias for action makes us build and learn quickly. Iterating fast requires clarity on what outcomes we are targeting and why. Prioritizing the important things, taking full ownership and initiative, making fast initial progress, and rapid iterations lead to the best outcomes.
- Innovate Relentlessly. We pursue novel insights, challenging the status quo and reimagining how things are done. We aren’t attached to the past when improving our product and how we work in the future. We actively invest time in innovation, thinking “outside the box” to consistently raise our standards.
- Prioritize Outcomes over Egos. We are committed not to a person, an idea, or an opinion but to continuously making progress toward our goals. Sometimes, our goals are ambiguous; in those moments, we iterate, learn, and move on to the next inquiry. We ask the tough questions with kindness, dropping our egos in our pursuit of evidence. For our business goals, we learn from our users. For our scientific goals, our understanding is built through rigorous experimentation, research, and observation. For our personal goals, we embrace candid feedback and collaborative learning to guide our progress.