Job Specifications
About Paragon
Paragon is an embedded integration infrastructure platform for B2B SaaS and AI products. Engineering teams use Paragon to build native, user-facing product integrations that connect their apps to their customers’ third-party tools (like Salesforce, Slack, Google Drive, and hundreds more) without having to manage auth, rate limits, or custom integration plumbing themselves.
Our platform provides the building blocks for every integration - 130+ native connectors plus a custom integration builder, a fully embeddable Connect Portal SDK, multi-tenant architecture, and flexible deployment options including cloud and on-prem. Teams can orchestrate complex workflows and automations using our suite of products: Managed Sync for fully managed data ingestion, ActionKit as a universal API for real-time actions, and Workflows for event-driven automations and integration logic.
We’re trusted by hundreds of SaaS companies to help them ship every integration their customers need with a fraction of the engineering effort.
About The Role
We’re hiring our first dedicated security hire to own security end-to-end across our product, infrastructure, and organization. You’ll be both a hands-on security engineer and the security lead who sets direction, defines standards, and builds the foundation of our security program.
You’ll partner closely with engineering, product, and GTM teams to keep our platform and customer data safe, while also unblocking enterprise deals and strengthening our security posture as we scale.
If you enjoy building security programs from (almost) scratch, influencing without heavy process, and still getting deep into the technical details, this role is for you.
What you’ll own
Company-wide security posture across application, infrastructure, and internal systems
Secure SDLC: how we design, build, test, and release secure software
Cloud & infrastructure security in our AWS, GCP, and Azure environments
Vulnerability management: from discovery to prioritization and remediation
Security governance & compliance, including SOC 2, HIPAA, and customer requirements
Incident readiness & response, including playbooks, tooling, and training
Security story for customers: helping sales and customer success win and retain larger customers
What you’ll do
Product & application security
Partner with engineering and product to design secure architectures and features.
Introduce and maintain a secure SDLC: threat modeling, design reviews, secure coding guidelines.
Implement and manage tooling such as SAST/DAST, dependency and container scanning integrated into CI/CD.
Triage and prioritize vulnerabilities; drive remediation with engineering teams.
Cloud & infrastructure security
Harden our cloud environment (e.g., AWS IAM, VPCs, security groups, KMS, secrets management).
Define and enforce secure-by-default baselines using infrastructure-as-code (e.g., Terraform).
Establish logging, monitoring, and alerting for key security events.
Collaborate with platform/infra engineers to build guardrails instead of gates.
Governance, risk, and compliance
Own and evolve core security policies (access control, change management, incident response, vendor management, etc.).
Lead our SOC 2 program (and future frameworks as needed): mapping controls, evidence, and audits.
Run access reviews and vendor security reviews on a regular cadence.
Incident response & readiness
Define and maintain incident response plans, runbooks, and playbooks.
Lead incident investigations when they occur and coordinate cross-functional response.
Run tabletop exercises and post-incident reviews; ensure learnings translate into durable improvements.
Security culture & customer trust
Provide training and enablement for engineers and staff on secure practices.
Be the security point of contact for customer questionnaires, RFPs, and enterprise security reviews.
Help sales and customer success articulate our security posture clearly and credibly.
What success looks like in 6-12 months
We have a clear view of our crown jewels, data flows, and key risks, documented and understood.
Core cloud and application security baselines are in place and enforced via code.
The secure SDLC is embedded into our development process with practical, lightweight checks.
We have a structured vulnerability management process with agreed SLAs and strong engineering partnership.
Our SOC 2 (or equivalent) program is running smoothly, with repeatable evidence collection.
Sales and customer success feel confident bringing you into enterprise security conversations.
About You
Experienced security engineer
~5+ years in security engineering or related roles (AppSec, Infra/Cloud Sec, Product Security).
Strong experience securing cloud-based SaaS products in production.
Cloud & infra security
Deep hands-on experience with AWS/GCP/etc. security primitives (IAM, VPC, KMS, security groups, CloudTrail/CloudWatch, etc.).
Comfortable working with infrastructure-as-cod
About the Company
Paragon is the embedded integration infrastructure powering the customer-facing integrations of hundreds of B2B SaaS products, including Copy.ai, AI21, and OpenPhone. With Paragon, engineering teams are building integrations 7x faster than in-house, across dozens of categories (CRM, file storage, project management, productivity, etc.) and both asynchronous and synchronous use cases. Some common use cases include:
- Ingesting customers' external data (for RAG)
- Syncing data bidirectionally
- Enabling AI agents to automate w...