Security & Privacy Lead

About Aracor
Aracor is on a mission to build a world-class product that will redefine dealmaking. Our AI-native platform helps in-house legal teams manage thousands of pages of documents with greater speed and precision, uncovering key insights and risks in seconds.

The Role

We are looking for a Security & Privacy Lead to take ownership of our company and product security practices from the ground up. We work with highly sensitive legal data and leverage advanced AI to automate what slows deals down and uncover hidden insights. Security, privacy, and compliance are at the core of our mission – we must meet rigorous standards so that even the most demanding customers trust our platform with their confidential information.

Responsibilities

• Architect & Implement Security: Design, implement, and maintain a comprehensive security architecture for the Aracor platform. This includes network and cloud infrastructure security, container/orchestration security, and application-level controls for a multi-tenant environment.
• Data Protection & Privacy: Develop and enforce data protection mechanisms to safeguard sensitive legal data.
• Secure Software Development Lifecycle: Establish a secure SDLC within the engineering team. Define and roll out secure coding standards and best practices, perform design and code reviews with a focus on security, and integrate security testing tools into our CI/CD pipelines.
• Threat Modeling & Risk Assessment: Proactively conduct threat modeling and security reviews for new features (including our AI components) to identify potential risks early. Work closely with engineers to design solutions that mitigate threats and meet compliance requirements without slowing down development.
• Penetration Testing & Incident Response: Plan and oversee regular vulnerability assessments and penetration tests. Take ownership of remediation efforts for any findings, and establish incident response processes and monitoring tools.
• LLM and Data Privacy Controls: Guide the implementation of privacy-preserving machine learning practices. For any AI models we use, ensure no sensitive data is inadvertently leaked or retained. Verify that document processing pipelines are secure and that all content processing adheres to privacy standards.
• Compliance & Audit Readiness: Work towards making our platform and processes compliant with SOC 2 Type II, ISO 27001, GDPR, HIPAA and other relevant frameworks. Implement technical controls and documentation to pass security audits and help develop policies that align with these standards. You'll act as a key liaison during security assessments or customer due diligence, demonstrating our controls and addressing any concerns.
• Cross-Team Collaboration: Collaborate closely with the product management and engineering teams to embed security into every phase of product development. Provide security guidance in architecture discussions and code implementations. Champion a security-first mindset through regular training, knowledge sharing, and by staying up to date on emerging threats and best practices that we can adopt.

Qualifications

• Experience: 5+ years of experience in cybersecurity or application security engineering, with a track record of securing cloud-based products or platforms. You have designed and implemented security controls for complex systems and understand the challenges of protecting sensitive data in a production setting.
• Technical Skills: Deep knowledge of security best practices across software, data, and infrastructure. Hands-on experience with cloud, network/web application security, and cryptography/encryption techniques.
• Secure SDLC & AppSec: Proven ability to integrate security into the development lifecycle – from threat modeling and secure design to code review, static/dynamic analysis, and runtime testing. You are comfortable using security tools and frameworks to identify and fix vulnerabilities and can help engineers remediate issues in code.
• Compliance Knowledge: Working understanding of compliance and data protection standards such as SOC 2, ISO 27001, GDPR, and HIPAA. You know what controls and evidence are needed to meet these standards. Direct experience leading or contributing to a successful certification or audit is a plus.
• Privacy & Data Security: Strong awareness of data privacy principles and strategies for protecting PII. Experience implementing features like data anonymization, encryption/key management, audit logging, and monitoring access patterns for abuse. Bonus if you have experience securing AI systems or handling data for AI models in a privacy-sensitive way.
• Startup Mindset: Ability to thrive in a fast-paced, ambiguous startup environment. You are proactive and self-directed, capable of creating a security roadmap and executing it with minimal guidance. You take ownership of outcomes and are willing to wear multiple hats to get the job done.
• Communication & Leadership: Excellent communication skills with the ability to explain complex security topics in clear, concise terms to engineers and non-technical stakeholders alike. You can influence and drive change without formal authority.

What We Offer

• Impact & Ownership: A lead role at the forefront of an AI-driven product poised to disrupt the legal industry. You'll have significant influence over technology and product direction, with your work directly shaping our success.
• Growth Opportunities: Autonomy to make technical decisions and build a team from the ground up. As we scale, you can grow into a senior engineering leadership position with greater scope and responsibility.
• Remote-First Culture: Work from anywhere. We value results over hours and trust our team to manage their work in the environment where they're most productive.
• Mission-Driven Team: Join a tight-knit team of passionate experts (legal professionals, AI researchers, and seasoned entrepreneurs) driven by a bold vision. We're moving fast, learning every day, and excited to have you shape the journey with us.