cover image
Whop

Whop

whop.com

1 Job

383 Employees

About the Company

Whop is building a platform to service the internet economy. Millions of people are building new products that they are selling guerrilla style on social media and on forums throughout the internet. Whop gives these sellers a sleek storefront that can accept payments, seamlessly deliver digital products, and attract new customers visiting our marketplace. We currently handle almost $1B+ in yearly payments with thousands of active merchants. To view our open roles, please visit https://careers.whop.com

Listed Jobs

Company background Company brand
Company Name
Whop
Job Title
Security Lead
Job Description
Job Title: Security Lead Role Summary: Own and execute all security functions—compliance (SOC 2, GDPR, CCPA), infrastructure security (AWS, Vercel, Cloudflare, PlanetScale), incident response, external programs (bug bounty, pen tests, threat monitoring), and internal security (IT vendor, device, office). Drive a high‑bar security posture and deliver end‑to‑end programs from inception to audit closure. Expactations: Deliver SOC 2 completion within 60 days, launch external security program by 90 days, maintain continuous monitoring and incident readiness, and establish secure operations across all teams and offices. Key Responsibilities: - Conduct comprehensive security posture audit and own SOC 2 process. - Define, implement, and enforce infrastructure security controls and monitoring. - Design and lead incident response plan—detection, triage, remediation, post‑mortem. - Manage external security engagements (bug bounty, penetration tests, threat intelligence). - Oversee internal security—IT vendor, device, and physical office security. - Serve as first escalation point for all security issues. - Collaborate with CTO, legal, ops, and other stakeholders to align security standards. - Continuously monitor, adjust, and improve security programs using modern tools. Required Skills: - 5+ years in security with program ownership experience. - Deep technical expertise in backend systems, infrastructure, APIs, and cloud platforms. - Proven SOC 2 and privacy compliance experience (GDPR, CCPA). - Incident response, vulnerability management, and threat monitoring proficiency. - Strong written and verbal communication, ability to produce clear documentation. - Detail‑oriented, highly organized, self‑motivated, and proactive. - Comfortable using AI agents and staying current on threat landscape. - Experience in high‑growth startups (Series A/B preferred). Required Education & Certifications: - Bachelor’s degree in Computer Science, Information Security, or related field (or equivalent experience). - Relevant certifications (CISM, CISSP, CRISC, or equivalent) strongly preferred.
San francisco bay, United states
On site
Senior
21-01-2026