Senior Security Operations Engineer

Why AssemblyAI AssemblyAI builds the best-in-class Voice AI models powering the next generation of voice applications. Our models serve 600M+ inference calls monthly, process 1M+ hours of audio daily, and power 2 billion+ end-user experiences. The Voice AI space is at an inflection point; we’re looking for folks truly excited to join a small team and help define the future of the industry. We are one of the most capital-efficient AI companies on the planet - with under 100 people generating roughly $500K ARR per employee, we sit among the top 5 most revenue-dense teams within the fastest-growing AI companies today. That's not an accident; it's a deliberate choice to stay lean, move fast, and give every person on the team outsized ownership and impact. With thousands of customers including Granola, Fireflies, Figure AI, and CallRail, the company has real scale - processing over 2 million hours of audio daily and handling more than 1 million API calls every day. This is a rare growth-stage opportunity where the business is proven and the trajectory is steep, but the team is still small enough that your fingerprints are on everything. If you've ever felt buried under layers of bureaucracy, starved of real ownership, or frustrated watching your work disappear into a slow-moving org, AssemblyAI is built differently. The company operates as a true meritocracy, with no heavy planning or approval processes and no gatekeeping on the tools or information you need. For anyone who genuinely cares about voice AI, not as a trend to chase, but as a technology to build,  this is the place where the most interesting problems at the most interesting scale are being solved by a team small enough that you'll actually know everyone's name. We’re committed to creating a space where our employees can bring their full selves to work and have equal opportunity to succeed. No matter your race, gender identity or expression, sexual orientation, religion, origin, ability, age, veteran status, if joining this mission speaks to you, we encourage you to apply! About the role: AssemblyAI runs a mature, multi-framework security and compliance program—including SOC 2 (all trust criteria), ISO 27001, and PCI 4.0—that protects the infrastructure and customer data behind our industry-leading Voice AI API. We're hiring a Senior Security Operations Engineer to join our IT & Security team as the company's first security engineering role. This role sits at the intersection of security engineering and security operations. You'll split your time between hands-on engineering work—threat modeling, secure code reviews, security tooling, and infrastructure hardening alongside our platform and product engineering teams—and the operational work that keeps our security program running: compliance audit cycles, vulnerability management, customer questionnaires, and monitoring. You should be energized by both sides of that equation, not just one. This is a high-ownership role on a small team. You'll work closely with engineers across the company, partner with sales and legal on customer-facing security needs, and have a direct hand in shaping how AssemblyAI secures its products, infrastructure, and internal tools—including a rapidly growing landscape of agentic AI development. What You’ll Do: Security Engineering Conduct threat modeling and security design reviews for new features, services, and architectural changes—partnering with product and platform engineers early in the design phase. Perform secure code reviews and provide actionable feedback, focusing on authentication, authorization, input handling, secrets management, and data protection. Deploy and maintain security tooling across the development lifecycle—SAST, SCA, DAST, secret scanning, IaC scanning, and CI/CD security guardrails. Support best practices to adopt secure-by-default libraries, frameworks, paved-road patterns, and developer guidance to reduce classes of vulnerabilities across the codebase. Partner with platform engineering on infrastructure and environment security—including AWS resource hardening, Terraform-managed infrastructure reviews, network segmentation, and environment isolation improvements. Contribute to incident response for security events: investigation, root cause analysis, and post-incident hardening. Security Operations Drive vulnerability triage and prioritization across teams, tracking remediation against targets and reporting metrics. Step in to remediate directly through patches and PRs where you identify high-impact opportunities. Partner with sales and legal responding to customer and vendor questionnaires, RFP security sections, and trust-and-safety inquiries. Support SOC 2, ISO 27001, PCI 4.0, and other compliance audit cycles by gathering evidence, documenting controls, and coordinating with auditors. Monitor and respond to alerts from endpoint, cloud, and application security tools; manage vulnerability