Senior Product Security - Senior DevSecOps Engineer

Beast Industries is a multifaceted media and entertainment company founded by Jimmy Donaldson, popularly known as MrBeast, the most watched person in the world. Renowned for revolutionizing digital content creation, Beast Industries encompasses a diverse portfolio of ventures that extend far beyond its origins on YouTube. With a mission to entertain, inspire, and create significant social impact, Beast Industries operates across various domains including digital media, philanthropy, consumer products, and innovative business initiatives. At Beast Industries, we believe in the transformative power of digital media and its potential to entertain, educate, and effect positive change. Our commitment to innovation, creativity, and philanthropy drives us to explore new frontiers, create unforgettable experiences, and build a legacy that inspires future generations.

At MrBeast, we operate at massive scale — content, commerce, fintech, philanthropy, and global digital platforms. Security isn’t an afterthought. It’s a foundational capability.

We’re looking for a Senior Product Security — Senior DevSecOps Engineer to architect and scale a security-first engineering culture across our cloud infrastructure and CI/CD pipelines. This is not a reactive security role — this is a builder role.

You will embed security directly into our development workflows, automate detection and response at scale, and harden our AWS and GCP environments against evolving threats. You’ll partner deeply with Engineering, IT, and Compliance to ensure our systems remain resilient as we grow.

If you thrive on ownership, love automating everything, and want to build modern security infrastructure from the ground up — this role is for you.

• Design and implement security guardrails across AWS and GCP.
• Embed policy enforcement and compliance checks into Terraform modules.
• Perform architecture reviews and ongoing hardening of multi-cloud environments.
• Lead threat modeling for new infrastructure and product initiatives.
• Own secrets management strategy across Vault, AWS Secrets Manager, and GCP Secret Manager.

• Integrate SAST, DAST, and dependency scanning into GitHub Actions pipelines.
• Lead secure code review programs and promote secure-by-design practices with engineering teams.
• Identify and remediate vulnerabilities before they reach production.

• Build and tune detection logic within SIEM platforms, mapped to MITRE ATT&CK.
• Improve alert fidelity through correlation logic and noise reduction.
• Define log aggregation and monitoring coverage across application and infrastructure layers.
• Conduct regular detection coverage gap analysis.

• Build and maintain SOAR playbooks for repeatable response workflows.
• Drive down MTTD and MTTR through automation and process improvement.
• Update playbooks based on lessons learned from post-incident reviews.

• Automate evidence collection for audits and regulatory requirements.
• Translate compliance controls into technical enforcement mechanisms.
• Support scaling of compliance programs without proportional overhead growth.

• 5+ years in DevSecOps, Cloud Security, or  Product Security Engineering roles.
• Deep experience securing AWS and GCP environments.
• Advanced Terraform expertise (infrastructure as code, modules, policy-as-code).
• Strong Python proficiency for automation, API integrations, and custom tooling.
• Hands-on experience with SIEM and SOAR platforms (design, integration, detection engineering).
• Deep familiarity with CI/CD security best practices and GitHub Actions.

• Experience designing and managing identity architectures (Okta, Azure AD, or similar), including SSO, SCIM, lifecycle automation, and conditional access.
• Familiarity with Elastic SIEM or modern log aggregation platforms.
• Experience with EDR/XDR platforms (SentinelOne, CrowdStrike, Defender), including policy tuning and telemetry integration.
• Experience managing endpoint security controls and MDM solutions (Jamf, Intune, etc.).
• Experience securing Google Workspace environments.

• Security is seamlessly embedded into every CI/CD workflow.
• Cloud environments are hardened with automated guardrails.
• Detection systems produce high-confidence, actionable alerts.
• Incident response workflows are automated and measurable.
• Compliance evidence collection is largely automated and audit-ready.

• You’ll own security architecture across multiple cloud environments.
• You’ll influence engineering standards across the company.
• You won’t be “reviewing tickets” — you’ll be building scalable systems.
• You’ll operate at the intersection of DevOps, Security, and Automation.