Principal Security Engineer

📋 Description

• • Fanvue is at the forefront of the creator economy, leveraging AI to empower creators and connect them directly with their audiences. As one of the fastest-growing platforms globally, we've achieved over $100M+ in annual recurring revenue and are experiencing triple-digit year-on-year growth, serving hundreds of thousands of creators and millions of fans. With this rapid expansion, security has become a paramount concern, and we are seeking a Principal Security Engineer to establish and lead our security initiatives from the ground up.
• • This is a unique opportunity to be the single-threaded owner of security at Fanvue. You will be instrumental in designing, implementing, and maintaining a robust security posture across all facets of our operations, including our AWS infrastructure, application layer, CI/CD pipelines, and critical payment flows. Your work will directly contribute to protecting the trust and safety of our vast user base.
• • Key responsibilities will involve architecting and deploying comprehensive security controls. This includes defining security architecture decisions through RFCs/ADRs and maintaining the security chapter within our engineering documentation repository. You will also be tasked with establishing and nurturing a security champion network, fostering a security-first mindset across various engineering streams such as Platform, Growth, AI, and Creator Earnings. This will involve running regular security office hours to provide guidance and support.
• • A significant part of your role will be to own and drive the roadmap for SOC 2 Type II and PCI DSS compliance. This entails managing relationships with auditors, meticulously collecting evidence, and overseeing the remediation of any identified gaps. You will proactively conduct threat modeling for new and existing features, including complex areas like iframe integrations, AI Creator Studio functionalities, and live streaming services, to anticipate and mitigate potential risks.
• • You will perform in-depth, hands-on security reviews of critical components, including IAM policies, secrets management strategies, API authorization mechanisms, data encryption protocols, and vendor contracts. Furthermore, you will be responsible for building out our incident response capabilities, developing comprehensive playbooks, and conducting regular tabletop exercises to ensure preparedness for potential security incidents.
• • Collaboration will be key, as you partner closely with the Legal team to ensure compliance with various regulations and standards, including PCI DSS, GDPR, age verification requirements, and content moderation policies. You will also be responsible for configuring, tuning, and managing our security monitoring tools, such as SIEM, vulnerability scanners, and dependency checking systems, ensuring effective alerting and timely response.
• • To embed security into our development lifecycle, you will review Pull Requests for security-critical changes and integrate security gates into our project checklists, promoting a culture of secure coding practices across all engineering teams.
• • This role offers immense autonomy and the chance to shape security strategy in a high-growth, AI-native environment. You will have direct visibility into the impact of your work and the opportunity to build a security function that is integral to Fanvue's success and its mission to redefine the creator economy.