Cloud Security & Compliance Engineer at Mobi.AI
Somerville, Massachusetts, United States
Full Time


Start Date

Immediate

Expiry Date

17 May, 26

Salary

200000.0

Posted On

16 Feb, 26

Experience

5 year(s) or above

Remote Job

Yes

Telecommute

Yes

Sponsor Visa

No

Skills

Cloud Security, Compliance, AWS, GCP, Security Guardrails, SOC 2, GDPR, Infrastructure as Code, Threat Modeling, Secret Management, Zero Trust, Data Protection, TypeScript, Python, LLMs, Interpersonal Skills

Industry

Software Development

Description
About Mobi.AI

Mobi.AI is a leading AI platform and solution provider born from MIT's Computer Science and Artificial Intelligence Lab, specializing in building collaborative AI systems that solve complex business challenges in travel, transportation, and process automation. With a proven track record of transforming customer experiences and business operations for global brands, Mobi has brought cutting-edge AI technology from research to real-world applications.

Working at Mobi

We believe the best ideas emerge when diverse perspectives come together, so we’re building a team that truly reflects that belief. If you’re energized by complex challenges, inspired by working alongside thoughtful teammates, and passionate about building technology that enhances—rather than replaces—what makes us human, you’ll feel right at home here. Our work is centered on five core values:

- Show up, be you. We welcome every kind of thinker, maker, and teammate: quiet or bold, methodical or messy, with all their talents and quirks. Inclusion isn’t a checkbox—it’s how we connect, grow together, and do our best work.
- Be scrappy, stay steady. We’re resilient and quick on our feet, adapting with creativity and staying grounded when things shift.
- Create transparency, collaborate better. We believe knowledge grows when it’s shared. Clear, open communication builds trust and strengthens collaboration.
- Foster community, be compassionate. We show up for our teammates, customers, and neighbors. Strong businesses grow from relationships built with care and grounded in shared effort.
- Build thoughtfully, create impact. We design for clarity, build for scale, and measure success through real-world impact.

About the Role:

As a Cloud Security & Compliance Engineer at Mobi, you’ll partner with a dynamic, forward-thinking team to build the resilient foundations that power our cutting-edge web experiences and AI-driven solutions. You’ll play a key role as the Security Engineering SME and Systems Builder, shaping the technologies that protect our travel-planning and logistics systems, which are used by some of the world’s leading brands. This role blends technical engineering with the meticulous follow-through needed for compliance and documentation. You’ll be a representative for our customers and a creative partner for our engineers, focusing on audit-readiness as much as secure code. It’s an engaging, high-impact role where you move the business forward by finding "the secure way" to help our team ship and scale.

Key Responsibilities:

- Develop, test, and maintain scalable security guardrails to ensure a consistent, secure-by-default posture across our AWS and GCP environments.
- Navigate the human side of security by acting as a collaborative partner to our engineering teams; you will identify missing standards, negotiate solutions, and proactively suggest "the secure way" to build features rather than acting as a gatekeeper.
- Partner with our customers' security teams to align our architecture with their specific security patterns and represent Mobi’s robust security posture during technical deep-dives and reviews.
- Translate high-level security patterns and compliance frameworks (SOC 2 and GDPR) into high-quality, hardened infrastructure code and automated evidence collection.
- Review system designs to troubleshoot vulnerabilities, debug misconfigurations, and resolve architectural security gaps before they reach production.
- Own the security lifecycle—from initial threat modeling and customer alignment through to automated testing, shipping, and audit-ready reporting.
- Implement best practices for code quality, secret management, and maintainable security patterns across the entire engineering organization.
- Stay current with cloud-native security trends, multi-cloud vulnerabilities, and emerging AI-driven security technologies to proactively protect our AI-powered solutions.

Qualifications:

- Bachelor’s degree in Computer Science, Engineering, or a related field—or equivalent practical experience in technical security.
- Strong hands-on experience securing AWS and GCP infrastructure (e.g., API Gateway, Identity, Networking, Encryption, and Logging).
- Deep understanding of technical controls for SOC 2 and GDPR.
- Deep understanding of backend APIs and RESTful services from a Zero Trust and data protection perspective.
- Proven ability to design and implement security frameworks in ambiguous or rapidly evolving environments, building scalable processes and guardrails where none previously existed.
- Strong problem-solving skills and the ability to work cross-functionally to align security goals with developer velocity.
- Comfortable reading and navigating modern codebases (e.g., TypeScript/JavaScript or Python) to conduct security reviews and understand application logic.
- Recent experience working on AI Applications, with an understanding of privacy concerns and security risks specific to LLMs.
- Excellent interpersonal and communication skills; able to lead high-stakes technical deep-dives with enterprise partners and negotiate security standards across teams using a collaborative, "solution-first" approach.

Bonus:

- Experience using Infrastructure as Code to build and manage secure environments (e.g., Terraform or CloudFormation/CDK).
- Experience using AI Tools (Claude Code, GitHub Copilot, etc.) to automate security policy generation and workflow audits.

Pay Transparency:

The base salary range for this US full-time position is between $140,000-$200,000 and is eligible for an annual company bonus, subject to standard withholding and applicable taxes. All candidates receive equity (ISO) and access to a comprehensive benefits offering. The base salary range reflects the minimum and maximum targets for candidates. The following factors are considered when determining the compensation offered: work location, skills, experience, and any relevant education or training. The Recruiter or Hiring Manager can share more about the specific salary range with you during the recruitment process and answer any questions you have.

Benefits & Perks

- Competitive Base Salary + Annual Bonus
- Comprehensive Health Insurance (Medical, Dental, and Vision) for you and your family, covered mostly by the company.
- Company-paid Disability and Life Insurance
- Optional Pet Insurance and Identity Theft Protection
- Paid Parental Leave (for all types of parents and families)
- Equity ownership in the company
- 401k Plan
- Unlimited Paid Time Off + $1,000 Bonus for taking five consecutive days off
- Flexibility to work anywhere in the world for one month a year
- Tuition Reimbursement
- Cell Phone & Transportation Reimbursement
- Lunch daily from local restaurants
- Cozy office environment with a full kitchen, massage chairs, live plants, and much more!

Mobi hires those willing to work either full-time in office or on a hybrid schedule.

Equal Opportunity

We are an equal opportunity employer; applicants, employees, and former employees are protected from employment discrimination and harassment of any type based on race, color, religion, sex (including pregnancy, sexual orientation, or gender identity), national origin, age, disability, protected veteran status and genetic information (including family medical history), or any other characteristic protected by federal, state or local laws.

Responsibilities
The engineer will develop and maintain scalable security guardrails across AWS and GCP environments, acting as a collaborative partner to engineering teams to suggest secure building methods rather than acting as a gatekeeper. Responsibilities include translating compliance frameworks into hardened infrastructure code, owning the security lifecycle from threat modeling to audit-ready reporting, and aligning architecture with customer security patterns.