Job Description
Security Engineer
About the Role
Jumpmind is building the next generation of retail commerce platforms. Our mission is to build retail software that is creative, practical, and easy to use. This role sits at the intersection of cybersecurity, compliance, and AI engineering. It exists because our AI strategy demands a security practitioner who can help build, govern, and monitor AI alongside traditional security and compliance work.
What You’ll Work On
AI Security & Governance
Maintain our AI tool and agent registry, assessing the risk and compliance posture of newly deployed solutions and tracking them through their full lifecycle.
Contribute to the policies, guardrails, and documentation that ensure Jumpmind adopts AI securely and responsibly.
Build and deploy AI security agents, tools, and automated workflows with guidance from senior engineers, documenting designs, guardrails, and compliance mappings along the way.
Security Operations & Incident Triage
Perform initial triage and investigation of security events, escalating confirmed or complex incidents to security leadership.
Assist in documenting incident response activities and participating in post-incident reviews.
Help maintain and update operational security playbooks and documentation.
Compliance & Risk Administration
Coordinate the collection of recurring compliance evidence (log reviews, access lists, scan results) to support our SOC 2 and PCI DSS requirements.
Maintain the security and compliance calendar, ensuring recurring tasks and policy reviews are not missed.
Assist with vendor security reviews by gathering documentation, tracking questionnaires, and highlighting basic gaps.
Vulnerability Management Support
Run routine vulnerability scans across our infrastructure and applications.
Help track and organize vulnerability findings, creating tickets and following up with engineering teams on remediation timelines.
Maintain security dashboards and track key risk indicators (KRIs) to provide visibility into our overall patching health.
Required Qualifications
Bachelor’s degree in Cybersecurity, Computer Science, Information Systems, or a related field (or equivalent practical experience)
0 to 2 years of experience in cybersecurity, IT security, compliance, or a related technical role. Internships and academic projects count
Foundational understanding of at least one compliance framework: SOC 2, PCI DSS, HITRUST, NIST 800-53, or ISO 27001
Demonstrated interest in AI/ML technologies. Personal projects, coursework, certifications, or open-source contributions all count
Familiarity with cloud environments
Strong written communication skills. This role involves drafting audit narratives, risk memos, and governance documents
Preferred Qualifications
Experience building or prompting AI agents, LLM-based tools, or agentic workflows
Familiarity with prompt engineering, LLMs, or Model Context Protocol (MCP)
Exposure to SAST, DAST, or SCA tooling in a CI/CD pipeline
Understanding of vulnerability scoring systems (CVSS, EPSS, CISA KEV)
Exposure to SIEM platforms such as Splunk, Microsoft Sentinel, or similar security monitoring tools.
Full-time