Senior Security Operations Engineer

AssemblyAI builds the best-in-class Voice AI models powering the next generation of voice applications. Our models serve 600M+ inference calls monthly, process 1M+ hours of audio daily, and power 2 billion+ end-user experiences. The Voice AI space is at an inflection point; we’re looking for folks truly excited to join a small team and help define the future of the industry.

We are one of the most capital-efficient AI companies on the planet - with under 100 people generating roughly $500K ARR per employee, we sit among the top 5 most revenue-dense teams within the fastest-growing AI companies today. That's not an accident; it's a deliberate choice to stay lean, move fast, and give every person on the team outsized ownership and impact. With thousands of customers including Granola, Fireflies, Figure AI, and CallRail, the company has real scale - processing over 2 million hours of audio daily and handling more than 1 million API calls every day. This is a rare growth-stage opportunity where the business is proven and the trajectory is steep, but the team is still small enough that your fingerprints are on everything.

If you've ever felt buried under layers of bureaucracy, starved of real ownership, or frustrated watching your work disappear into a slow-moving org, AssemblyAI is built differently. The company operates as a true meritocracy, with no heavy planning or approval processes and no gatekeeping on the tools or information you need. For anyone who genuinely cares about voice AI, not as a trend to chase, but as a technology to build,  this is the place where the most interesting problems at the most interesting scale are being solved by a team small enough that you'll actually know everyone's name.

We’re committed to creating a space where our employees can bring their full selves to work and have equal opportunity to succeed. No matter your race, gender identity or expression, sexual orientation, religion, origin, ability, age, veteran status, if joining this mission speaks to you, we encourage you to apply!

AssemblyAI runs a mature, multi-framework security and compliance program—including SOC 2 (all trust criteria), ISO 27001, and PCI 4.0—that protects the infrastructure and customer data behind our industry-leading Voice AI API. We're hiring a Senior Security Operations Engineer to join our IT & Security team as the company's first security engineering role.

This role sits at the intersection of security engineering and security operations. You'll split your time between hands-on engineering work—threat modeling, secure code reviews, security tooling, and infrastructure hardening alongside our platform and product engineering teams—and the operational work that keeps our security program running: compliance audit cycles, vulnerability management, customer questionnaires, and monitoring. You should be energized by both sides of that equation, not just one.

This is a high-ownership role on a small team. You'll work closely with engineers across the company, partner with sales and legal on customer-facing security needs, and have a direct hand in shaping how AssemblyAI secures its products, infrastructure, and internal tools—including a rapidly growing landscape of agentic AI development.

• Conduct threat modeling and security design reviews for new features, services, and architectural changes—partnering with product and platform engineers early in the design phase.
• Perform secure code reviews and provide actionable feedback, focusing on authentication, authorization, input handling, secrets management, and data protection.
• Deploy and maintain security tooling across the development lifecycle—SAST, SCA, DAST, secret scanning, IaC scanning, and CI/CD security guardrails.
• Support best practices to adopt secure-by-default libraries, frameworks, paved-road patterns, and developer guidance to reduce classes of vulnerabilities across the codebase.
• Partner with platform engineering on infrastructure and environment security—including AWS resource hardening, Terraform-managed infrastructure reviews, network segmentation, and environment isolation improvements.
• Contribute to incident response for security events: investigation, root cause analysis, and post-incident hardening.

• Drive vulnerability triage and prioritization across teams, tracking remediation against targets and reporting metrics. Step in to remediate directly through patches and PRs where you identify high-impact opportunities.
• Partner with sales and legal responding to customer and vendor questionnaires, RFP security sections, and trust-and-safety inquiries.
• Support SOC 2, ISO 27001, PCI 4.0, and other compliance audit cycles by gathering evidence, documenting controls, and coordinating with auditors.
• Monitor and respond to alerts from endpoint, cloud, and application security tools; manage vulnerability tracking and remediation follow-up across the environment.
• Execute recurring user access reviews, IAM hygiene tasks, and RBAC maintenance required by compliance frameworks.
• Maintain and improve security runbooks, process documentation, and operational playbooks—building automation where possible to reduce manual burden using AI-assisted development tools.

• 5+ years of experience in security engineering, security operations, or a related role that combined both
• Hands-on experience with at least one of SOC 2, ISO 27001, or PCI compliance audit cycles—you've gathered evidence, documented controls, and worked with auditors, not just read about it
• Strong application security fundamentals: threat modeling, secure code review, and familiarity with common vulnerability classes (OWASP Top 10, CWE)
• Experience with security tooling across the development lifecycle: SAST, SCA, DAST, secret scanning, or IaC scanning
• Working knowledge of AWS infrastructure and services, including IAM, VPC networking, and security configurations
• Familiarity with infrastructure-as-code (Terraform preferred) and CI/CD pipeline security
• Proficiency in Python and comfort reading code across backend services
• Strong written communication skills—you'll write audit documentation, security questionnaire responses, policy documents, and runbooks regularly
• Comfort using AI-assisted development tools (e.g., Claude Code, Copilot, or similar) to write scripts, build automations, and accelerate documentation—AI tool fluency is a core expectation at AssemblyAI

• Experience securing AI/ML systems or inference infrastructure
• Familiarity with endpoint security platforms and cloud security tooling
• Security incident handling experience: building SIEM detections, writing queries, managing alerting and triage pipelines
• Experience with vulnerability management programs: building triage workflows, managing SLAs, and reporting metrics
• Security certifications (CISSP, CSSLP, AWS Security Specialty, or equivalent)
• Experience at a high-growth startup in a security role

AssemblyAI strives to recruit and retain exceptional talent from diverse backgrounds while ensuring pay equity across our team. Our salary ranges are set to be competitive for our size, stage, and industry, and reflect just one component of the full compensation, benefits, and rewards we offer.

Salary determinations consider a variety of factors, including relevant experience, technical depth, skills demonstrated during the interview process, and maintaining internal equity with peers on the team. The range shared below represents a general expectation for the posted position. However, we are open to considering candidates who may fall above or below the outlined experience level—in those cases, we will communicate any adjustments to the expected salary range.

The range provided applies to candidates located in the United States. For candidates outside of the U.S., compensation ranges may differ; any adjustments will be communicated throughout the interview process.

Salary range: $180,000 - $220,000 USD

The expected base compensation for this role is listed above. Our total compensation package includes competitive equity grants, 100% employer-paid benefits, and the flexibility of being fully remote. A 401k match up to 4% is offered to all US-based full time team members.

If you’re selected for an interview, please review this resource to better understand how AssemblyAI approaches the use of AI in our interview process.

Candidates from the EU should review this job applicant privacy notice before applying. 

Speech-to-text | Streaming speech-to-text | Speech Understanding | LLM Gateway
Try the Playground
Our $50M Series C fundraise
Check us out on YouTube!