Senior Product Security / Senior DevSecOps Engineer

About Us

Beast Industries, founded by Jimmy Donaldson (MrBeast), is a multifaceted media and entertainment company revolutionizing digital content creation. Our mission is to entertain, inspire, and create significant social impact through digital media, philanthropy, consumer products, and innovative business initiatives. We believe in the transformative power of digital media to entertain, educate, and effect positive change, driving us to explore new frontiers and build a lasting legacy.

Location: On-site / Hybrid / Remote – NY, Bay Area, Chicago, Greenville

Department: Technology

About The Role

At MrBeast, we operate at massive scale across content, commerce, fintech, philanthropy, and global digital platforms. Security is a foundational capability, not an afterthought. We are seeking a Senior Product Security / Senior DevSecOps Engineer to architect and scale a security-first engineering culture across our cloud infrastructure and CI/CD pipelines. This is a builder role focused on embedding security directly into development workflows, automating detection and response, and hardening our AWS and GCP environments against evolving threats. You will partner deeply with Engineering, IT, and Compliance to ensure system resilience as we grow.

If you thrive on ownership, love automating everything, and want to build modern security infrastructure from the ground up, this role is for you.

What You’ll Do

Cloud Infrastructure Security:

• Design and implement security guardrails across AWS and GCP.
• Embed policy enforcement and compliance checks into Terraform modules.
• Perform architecture reviews and ongoing hardening of multi-cloud environments.
• Lead threat modeling for new infrastructure and product initiatives.
• Own secrets management strategy across Vault, AWS Secrets Manager, and GCP Secret Manager.

SDLC Security:

• Integrate SAST, DAST, and dependency scanning into GitHub Actions pipelines.
• Lead secure code review programs and promote secure-by-design practices with engineering teams.
• Identify and remediate vulnerabilities before they reach production.

Detection Engineering:

• Build and tune detection logic within SIEM platforms, mapped to MITRE ATT&CK.
• Improve alert fidelity through correlation logic and noise reduction.
• Define log aggregation and monitoring coverage across application and infrastructure layers.
• Conduct regular detection coverage gap analysis.

Incident Response Automation:

• Build and maintain SOAR playbooks for repeatable response workflows.
• Reduce Mean Time to Detect (MTTD) and Mean Time to Respond (MTTR) through automation and process improvement.
• Update playbooks based on lessons learned from post-incident reviews.

Compliance & GRC Support:

• Automate evidence collection for audits and regulatory requirements.
• Translate compliance controls into technical enforcement mechanisms.
• Support the scaling of compliance programs without proportional overhead growth.

What You Bring

Required Experience

• 5+ years in DevSecOps, Cloud Security, or Product Security Engineering roles.
• Deep experience securing AWS and GCP environments.
• Advanced Terraform expertise (infrastructure as code, modules, policy-as-code).
• Strong Python proficiency for automation, API integrations, and custom tooling.
• Hands-on experience with SIEM and SOAR platforms (design, integration, detection engineering).
• Deep familiarity with CI/CD security best practices and GitHub Actions.

Strongly Preferred

• Experience designing and managing identity architectures (Okta, Azure AD, or similar), including SSO, SCIM, lifecycle automation, and conditional access.
• Familiarity with Elastic SIEM or modern log aggregation platforms.
• Experience with EDR/XDR platforms (SentinelOne, CrowdStrike, Defender), including policy tuning and telemetry integration.
• Experience managing endpoint security controls and MDM solutions (Jamf, Intune, etc.).
• Experience securing Google Workspace environments.

What Success Looks Like

• Security is seamlessly embedded into every CI/CD workflow.
• Cloud environments are hardened with automated guardrails.
• Detection systems produce high-confidence, actionable alerts.
• Incident response workflows are automated and measurable.
• Compliance evidence collection is largely automated and audit-ready.

Why This Role Is Different

• You’ll own security architecture across multiple cloud environments.
• You’ll influence engineering standards across the company.
• You’ll be building scalable systems, not just reviewing tickets.
• You’ll operate at the intersection of DevOps, Security, and Automation.

Benefits

The Perks, Why Work On the MrBeast Team

We are redefining entertainment and storytelling at a global scale, influencing culture in real time. This is your opportunity to lead the team that decides how those moments come to life across every screen.

• Competitive Salary.
• Generous Medical (Blue Cross Blue Shield), Dental, Vision, and company-paid Life Insurance.
• Company contributions to employee Health Savings Accounts (HSA).
• 401k Plan with Safe Harbor company-matching.
• Flexible vacation policy and paid company holidays.
• Company-provided technology package.
• Relocation assistance where applicable, including travel and company-provided housing for the first 90 days.