Security Engineer

ABOUT OUTMARKET

Outmarket is the AI platform for insurance, trusted by more than 250 brokerages to run the work their business depends on. Commercial insurance still runs on dense documents and slow, manual workflows, and that is exactly what we automate: quote comparisons, coverage gap and tower analysis, policy review, and proposal generation, all grounded in our customers’ own data and source-cited so teams can trust the output.

The impact is concrete. Teams save 12 to 15 hours per person every week, cut errors by roughly 65 percent, and win more business, all on infrastructure that is SOC 2 Type II certified, single-tenant, and never used to train AI models. We are an AI-first company in both what we build and how we work, shipping quickly and in close partnership with the agencies that rely on us.

WHAT YOU’LL GET

• A high-impact role with ownership from day one.

• Competitive compensation and meaningful equity.

• Direct collaboration with founders and real users.

• Remote-first flexibility.

• The opportunity to help build an AI-native product from the ground up.

ABOUT THE ROLE
We are hiring a Security Engineer to own product and application security for a multi-tenant platform handling sensitive insurance data. You will build security into how we ship, across secure SDLC, AppSec, cloud posture, and supply-chain, and lead our response when issues arise.

WHY THIS ROLE

• Own security for a platform trusted with sensitive insurance and customer data.

• Build security into the product from the ground up, not bolt it on.

• Have broad scope across application, cloud, and supply-chain security.

WHAT YOU’LL DO

• Drive secure SDLC and security-focused code review across the engineering org.

• Own application security: authz, tenant isolation, SSRF and injection prevention, secrets management.

• Strengthen cloud security posture (GCP IAM, egress controls) and supply-chain controls.

• Coordinate penetration testing, threat modeling, and vulnerability management.

• Lead incident response and advance compliance readiness (e.g., SOC 2).

WHAT WE’RE LOOKING FOR

• 4+ years in security engineering, with strong application security depth.

• Hands-on experience securing cloud-native, multi-tenant systems.

• Working knowledge of OWASP-class risks and how to prevent them in real code.

• Ability to partner with engineers and make security practical, not blocking.

BONUS IF YOU HAVE

• Detection & response or compliance/GRC experience.

• Experience securing AI/LLM systems or regulated-data products.