Senior Cybersecurity Engineer
## About Us
Smirnov Labs is a fast-growing engineering company founded by an ex-Googler. We help product teams launch and scale quickly by leveraging modern technology and AI-assisted development.
Our projects are diverse โ we partner with clients at the earliest stages and own the technical delivery end-to-end.
We're a small, senior-heavy team where every engineer has real impact. No bureaucracy, no hand-holding โ just sharp people shipping fast.
This is an outstaff role: you'll be embedded directly with a client's engineering team as part of our delivery group, securing AI-powered products in a modern, security-conscious, SOC 2-aligned environment.
## What You'll Do
- Own security across applications, databases, cloud infrastructure, and development pipelines โ identify, prioritize, and remediate risks.
- Drive SOC 2 control implementation, evidence collection, documentation, testing, and audit preparation.
- Apply and enforce security principles across identity and access management, encryption, vulnerability management, logging, monitoring, incident response, and change management.
- Harden AWS environments (IAM, VPC, Secrets Manager, CloudWatch) and Linux servers (system hardening, patch management, monitoring).
- Implement repository security in GitHub โ access controls, branch protections, secret management, and secure CI/CD workflows.
- Build safeguards for LLM usage โ sensitive-data handling, prompt injection, hallucinations, and inappropriate model responses across Anthropic Claude, OpenAI, Google Gemini, and xAI Grok integrations.
- Review AI-generated code for security, maintainability, and compliance with organizational standards.
- Maintain technical documentation, policies, procedures, access reviews, and audit trails.
- Communicate directly with the client's software, infrastructure, and engineering teams, business stakeholders, and third-party vendors โ no layers in between.
- Use AI-assisted development tools (Claude, Claude Code, Cursor, GitHub Copilot) as part of your daily workflow.
## What We're Looking For
- 5+ years in cybersecurity or security engineering
- Hands-on SOC 2 experience โ control implementation, evidence collection, and audit preparation
- Strong grasp of IAM, encryption, vulnerability management, logging and monitoring, incident response, and change management
- Cloud security experience on AWS and Linux system hardening
- GitHub security practices โ branch protection, secret management, and secure CI/CD
- Scripting for automation and tooling (Python, Bash, or similar)
- Familiarity with securing LLM/AI systems (prompt injection, data leakage, RAG safety) a strong plus
- Comfortable working in a codebase and infrastructure under active change, with strong code review and automated review gates
- Comfort working in the US timezone (overlapping working hours required)
- Upper-Intermediate or higher English
- Ability to own and drive work independently with minimal supervision
## What We Offer
- Competitive salary above market average
- Fully remote work
- Flat structure โ work directly with the client's engineering team, no middle management
- Diverse and technically challenging projects
- Modern AI-powered development workflow
- Small team culture โ your voice matters, your work ships
- Paid vacation and sick leave
- Flexible schedule within the US timezone overlap
- Professional and career growth through real ownership, not courses and certificates
## How to Apply
Send your CV with a brief note about a security program, audit, or remediation you're most proud of.