We're living through a fundamental shift in how people discover, evaluate, and purchase products. The next generation doesn't respond to traditional marketing -- they build relationships with brands through authentic social interactions, seek recommendations from communities they trust, and expect personalized experiences that feel human, not corporate.
At Nectar Social, we're building the AI-native social operating system that enables this new era of commerce. We believe every social interaction should deepen the relationship between brands and their communities while creating genuine value for both sides.
Founded by ex-Meta product and engineering leaders, we've raised over $30M in total capital from investors including GV and True Ventures. We work with brands like Oura Health, Caraway, e.l.f. Cosmetics, Kosas, OLIPOP, and many more. We're building the future of social commerce -- where community, conversation, and commerce converge.
We're looking for a Security Engineer to own security across our enterprise SaaS platform -- from the design of our deployed applications to the compliance programs that earn the trust of large brands. We handle sensitive social and customer data at scale, and our customers expect enterprise-grade security and rigorous proof of it.
As the first Security Engineer, you'll have outsized ownership. You'll secure the products we ship, lead the compliance initiatives that unlock enterprise deals, and build the security foundations the rest of the engineering team relies on as we grow.
Own the security of our deployed applications -- threat modeling, secure design reviews, and finding and fixing vulnerabilities across our services and AI infrastructure
Lead new compliance initiatives (SOC 2, and frameworks like ISO 27001, GDPR, and CCPA as we scale), establishing the controls, policies, and evidence to back them
Own the security side of the sales cycle: complete customer security questionnaires, support enterprise security reviews, and act as our expert in vendor assessments
Build and run our vulnerability management, secrets management, identity and access, and security monitoring practices
Manage third-party risk and our penetration-testing program
5+ years in security engineering, application/product security, or a related role at a software company
Strong application and cloud security fundamentals -- you can reason about the security of real production systems and AI workloads, not just policy
Hands-on experience leading or operating a compliance program (SOC 2, ISO 27001, or similar) end to end
Solid programming skills to build security tooling and automation, and to work credibly alongside engineers
Comfortable operating in fast-moving startup environments with high ownership and autonomy
Experience standing up a security and compliance function at an early-stage or rapidly scaling SaaS company
Familiarity with our tech stack: AWS, Pulumi, Postgres, ClickHouse, Turbopuffer, or Temporal
Competitive compensation and early equity
Health, vision, and dental benefits + 401(k) match
Clear career growth opportunities as the company scales
Free lunch in the heart of University Ave. in Palo Alto
Deep exposure to cutting-edge AI tooling and the opportunity to shape how brands use it
A collaborative, ambitious team defining a new category of AI-native marketing infrastructure