Senior Product Security - Senior DevSecOps Engineer

About Us

Beast Industries is a multifaceted media and entertainment company founded by Jimmy Donaldson, popularly known as MrBeast, the most watched person in the world. Renowned for revolutionizing digital content creation, Beast Industries encompasses a diverse portfolio of ventures that extend far beyond its origins on YouTube. With a mission to entertain, inspire, and create significant social impact, Beast Industries operates across various domains including digital media, philanthropy, consumer products, and innovative business initiatives. At Beast Industries, we believe in the transformative power of digital media and its potential to entertain, educate, and effect positive change. Our commitment to innovation, creativity, and philanthropy drives us to explore new frontiers, create unforgettable experiences, and build a legacy that inspires future generations.

Location: (On-site / Hybrid / Remote – NY, Bay Area, Chicago, Greenville)
Department: Technology

About The Role

At MrBeast, we operate at massive scale — content, commerce, fintech, philanthropy, and global digital platforms. Security isn’t an afterthought. It’s a foundational capability.

We’re looking for a Senior Product Security — Senior DevSecOps Engineer to architect and scale a security-first engineering culture across our cloud infrastructure and CI/CD pipelines. This is not a reactive security role — this is a builder role.

You will embed security directly into our development workflows, automate detection and response at scale, and harden our AWS and GCP environments against evolving threats. You’ll partner deeply with Engineering, IT, and Compliance to ensure our systems remain resilient as we grow.

If you thrive on ownership, love automating everything, and want to build modern security infrastructure from the ground up — this role is for you.

What You’ll Do

Cloud Infrastructure Security

• Design and implement security guardrails across AWS and GCP.
• Embed policy enforcement and compliance checks into Terraform modules.
• Perform architecture reviews and ongoing hardening of multi-cloud environments.
• Lead threat modeling for new infrastructure and product initiatives.
• Own secrets management strategy across Vault, AWS Secrets Manager, and GCP Secret Manager.

SDLC Security

• Integrate SAST, DAST, and dependency scanning into GitHub Actions pipelines.
• Lead secure code review programs and promote secure-by-design practices with engineering teams.
• Identify and remediate vulnerabilities before they reach production.

Detection Engineering

• Build and tune detection logic within SIEM platforms, mapped to MITRE ATT&CK.
• Improve alert fidelity through correlation logic and noise reduction.
• Define log aggregation and monitoring coverage across application and infrastructure layers.
• Conduct regular detection coverage gap analysis.

Incident Response Automation

• Build and maintain SOAR playbooks for repeatable response workflows.
• Drive down MTTD and MTTR through automation and process improvement.
• Update playbooks based on lessons learned from post-incident reviews.

Compliance & GRC Support

• Automate evidence collection for audits and regulatory requirements.
• Translate compliance controls into technical enforcement mechanisms.
• Support scaling of compliance programs without proportional overhead growth.

What You Bring

Required Experience

• 5+ years in DevSecOps, Cloud Security, or  Product Security Engineering roles.
• Deep experience securing AWS and GCP environments.
• Advanced Terraform expertise (infrastructure as code, modules, policy-as-code).
• Strong Python proficiency for automation, API integrations, and custom tooling.
• Hands-on experience with SIEM and SOAR platforms (design, integration, detection engineering).
• Deep familiarity with CI/CD security best practices and GitHub Actions.

Strongly Preferred

• Experience designing and managing identity architectures (Okta, Azure AD, or similar), including SSO, SCIM, lifecycle automation, and conditional access.
• Familiarity with Elastic SIEM or modern log aggregation platforms.
• Experience with EDR/XDR platforms (SentinelOne, CrowdStrike, Defender), including policy tuning and telemetry integration.
• Experience managing endpoint security controls and MDM solutions (Jamf, Intune, etc.).
• Experience securing Google Workspace environments.

What Success Looks Like

• Security is seamlessly embedded into every CI/CD workflow.
• Cloud environments are hardened with automated guardrails.
• Detection systems produce high-confidence, actionable alerts.
• Incident response workflows are automated and measurable.
• Compliance evidence collection is largely automated and audit-ready.

Why This Role Is Different

• You’ll own security architecture across multiple cloud environments.
• You’ll influence engineering standards across the company.
• You won’t be “reviewing tickets” — you’ll be building scalable systems.
• You’ll operate at the intersection of DevOps, Security, and Automation.

Benefits

The Perks, Why Work On the MrBeast Team

We are redefining what entertainment and storytelling look like at global scale. Every piece of content we publish reaches millions and influences culture in real time. This is your opportunity to lead the team that decides how those moments come to life across every screen.

• Competitive Salary
• Generous Medical (Blue Cross Blue Shield), Dental, Vision and company-paid Life Insurance 
• Company contributions to employee Health Savings Accounts (HSA) 
• 401k Plan with Safe Harbor company-matching
• Flexible vacation policy and paid company holidays
• Company-provided technology package 
• Relocation assistance where applicable, including travel and company-provided housing for the first 90 days