Senior Embedded InfoSec Engineer

Beast Industries is a multifaceted media and entertainment company founded by Jimmy Donaldson, popularly known as MrBeast, the most watched person in the world. Renowned for revolutionizing digital content creation, Beast Industries encompasses a diverse portfolio of ventures that extend far beyond its origins on YouTube. With a mission to entertain, inspire, and create significant social impact, Beast Industries operates across various domains including digital media, philanthropy, consumer products, and innovative business initiatives. At Beast Industries, we believe in the transformative power of digital media and its potential to entertain, educate, and effect positive change. Our commitment to innovation, creativity, and philanthropy drives us to explore new frontiers, create unforgettable experiences, and build a legacy that inspires future generations.

Primary: Bay Area (San Francisco/Peninsula) | Secondary: NYC

Beast Industries is a multifaceted media and entertainment company founded by Jimmy Donaldson, popularly known as MrBeast, the most watched person in the world. Renowned for revolutionizing digital content creation, Beast Industries encompasses a diverse portfolio of ventures that extend far beyond its origins on YouTube. With a mission to entertain, inspire, and create significant social impact, Beast Industries operates across various domains including digital media, philanthropy, consumer products, and innovative business initiatives. At Beast Industries, we believe in the transformative power of digital media and its potential to entertain, educate, and effect positive change. Our commitment to innovation, creativity, and philanthropy drives us to explore new frontiers, create unforgettable experiences, and build a legacy that inspires future generations.

Location: Bay Area (San Francisco / Peninsula)  Reports to: Director of Engineering  Team: Security

We are building a first-of-its-kind consumer membership ecosystem from the ground up — and when you're serving 100M+ users security has to be built in from day one, not bolted on later. As our Senior Embedded InfoSec Engineer, you will be the foundational security hire on the Security team, embedded directly with product squads to ship features that are secure by design rather than secured after the fact.

This is a hands-on, build-with-the-team role. You'll own application security, run the pen testing program, and architect the controls that meet partner security requirements so the business can close deals and ship with confidence.

You will be the security anchor underneath a membership ecosystem anchored around the MrBeast audience. Your surface area spans every product squad and every partnership:

• Application Security: Threat modeling, secure-by-default patterns, code review, and developer-facing tooling across the membership app, creator marketplace, and platform services.
• Offensive Testing: A pen testing program you own end-to-end — internal red-team exercises, coordinated external engagements, and continuous validation against real attacker behavior.
• Security Architecture: The control framework that lets us meet partner security requirements — and the architecture decisions that keep us ready for the next partner, not scrambling for them.

• →Embed directly with product squads — membership app, marketplace, data & identity — to threat-model, review, and harden features before they ship.
• →Own the application security program end-to-end: secure SDLC, code review, dependency and supply-chain controls, and developer-facing security tooling.
• →Run the pen testing program — hands-on offensive work plus coordination of external engagements — and turn findings into fixed issues, not tickets in a backlog.
• →Architect the security controls and documentation that meet partner security requirements, so partnership deals close on our schedule.
• →Set the security baseline for a zero-to-one, AI-native stack: coding agents, model and prompt security, and the new attack surface that comes with AI-native products.
• →Write the playbook — standards, guardrails, and the "paved road" — so as the org scales, secure is the easy path.

• Embedded Builder: You've been the security engineer on a product team, not just a reviewer at the gate. You write code, file PRs, and ship fixes yourself when it's the fastest path.
• AppSec at Consumer Scale: You've run or heavily contributed to an application security program inside a consumer product used by millions — you know the real tradeoffs between coverage, velocity, and risk.
• Offensive Hands-On: You can pen test, not just read pen test reports. You've found real bugs in real systems and shepherded them through to fix.
• Partner-Compliance Fluent: You've architected against partner security frameworks (or equivalents — SOC 2, PCI, vendor security reviews) and know how to translate requirements into real controls without theater.
• AI-Native: You aren't just curious about AI; you are burning through tokens, using coding agents daily, and thinking about how AI changes both how we build and what we have to defend.
• Scrappy & Scaled: You have the startup experience to build from zero with a nimble team, plus the big-tech exposure to know what breaks when a product hits massive scale.

Action-Oriented: You thrive in ambiguity and prefer shipping controls over writing policy. You'd rather land a fix than run a meeting.