Security Engineer

Patreon is a media and community platform where creators give their biggest fans access to exclusive work and experiences. Over 300k creators are cultivating fandoms and building their businesses each month. Creators can offer free memberships to fans looking to explore more of their work, paid memberships to give access to exclusive media and community, or sell directly to fans with Shops.

Ultimately our goal is simple: fund the creative class. And we're leaders in that space, with:

• 8B+ earned since Patreon's inception

• 30M free new memberships in the first year of launching that option, and

• 10M fans paying each month for exclusive access to creators' work and community.

We're continuing to invest heavily in building the best creator products with the best team in the creator economy and are looking for a Security Engineer to support our mission.

This role is a Remote friendly role or open to those who are able to be in-office 2 days per week on a hybrid work model in our San Francisco or New York office.

About the Role

At Patreon, we deal with some of the most sensitive data such as patrons’ payment methods, creators’ financial information to process payouts, along with several other bits of personal information from patrons and creators alike—security is paramount to our success. We are looking for a mid-level (L4) Security Engineer to join our growing Security team. In this role, you will be responsible for designing and implementing security automation, detection, and response capabilities while also owning and streamlining Governance, Risk, and Compliance (GRC) functions. Your contributions will help ensure our platform and corporate environment remain protected and compliant, empowering us to scale securely.

About You

What You Will Do

• Design & Implement Security Solutions

  • Architect and deploy tools and processes that strengthen our infrastructure and corporate security posture in cloud-native (AWS), containerized (Kubernetes/Docker), and on-prem environments.

  • Engineer and maintain controls across multiple security domains (e.g., Endpoint Detection and Response, Cloud Detection and Response, CI/CD, SIEM, IAM, PKI, etc.).

• Automate Security Detection & Response

  • Develop and refine security detection rules, playbooks, and workflows to respond to threats in real time.

  • Build integrations and automated pipelines leveraging DevOps/SecOps tools (e.g., Python scripting, APIs, webhooks) to accelerate investigation and remediation.

• Security Incident Handling

  • Triage and investigate security alerts and incidents, leading cross-functional coordination when required.

  • Drive the continuous improvement of incident response processes and technologies used for detection and containment.

• Governance, Risk & Compliance (GRC)

  • Lead risk management efforts by conducting risk assessments, third-party vendor reviews, and compliance checks against frameworks (e.g., ISO, NIST, PCI, HIPAA).

  • Develop and maintain security metrics (KRI/KPI/OKR) to communicate program effectiveness and inform strategic decisions.

  • Contribute to audits, assessments, and certification processes; maintain and optimize GRC tooling to manage evidence gathering and continuous monitoring.

  • Draft and evolve security policies, standards, and documentation in alignment with regulatory requirements and industry best practices.

• Cross-Functional Collaboration

  • Partner with Product, Engineering, Legal, and other business teams to embed security requirements into new and existing features.

  • Provide threat modeling and security architecture guidance to software development teams to ensure secure design from the ground up.

• Continuous Improvement & Thought Leadership

  • Participate in proactive threat hunting and vulnerability management programs to reduce risk exposure.

  • Remain current on industry trends, emerging threats, and new security technologies.

  • Act as an internal champion for security awareness, training, and best practices across the organization.

Skills and Experience You Possess

• Professional Background

  • Minimum of 4 years of combined experience in Security Engineering, GRC, or related roles in an enterprise or cloud-native environment.

  • Bachelor’s degree in Computer Science, Information Security, or related field (or 6+ years of relevant experience in lieu of degree).

• Technical Expertise

  • Strong foundation in one or more programming/scripting languages (e.g., Python) for automation and tooling.

  • Hands-on experience implementing and managing security controls (SIEM, SOAR, EDR, IDS/IPS, IAM).

  • Demonstrated ability to evaluate and secure cloud infrastructure using IaC tools (e.g., Terraform, CloudFormation).

  • Proficiency in threat detection, incident response, and investigation methodologies (familiarity with MITRE ATT&CK).

• GRC & Risk Management

  • Working knowledge of key security standards and regulations (e.g., NIST CSF, ISO 27001, HIPAA, PCI-DSS, GDPR).

  • Experience executing audits, risk assessments, and managing compliance programs; familiarity with GRC platforms preferred.

  • Ability to develop meaningful security metrics and translate technical details into business-impact language.

About Patreon

Patreon powers creators to do what they love and get paid by the people who love what they do. Our team is passionate about making this mission and our core values come to life every day in our work. Through this work, our Patronauts:

• Put Creators First | They’re the reason we’re here. When creators win, we win. 

• Build with Craft | We sign our name to every deliverable, just like the creators we serve.

• Make it Happen | We don’t quit. We learn and deliver. 

• Win Together | We grow as individuals. We win as a team.

We hire talented and passionate people from different backgrounds across the organization. If you’re excited about a role but your past experience doesn’t match with every bullet point outlined above, we strongly encourage you to apply anyway. If you’re a creator at heart, are energized by our mission, and share our company values, we’d love to hear from you.

Patreon is proud to be an equal opportunity employer. We provide employment opportunities without regard to age, race, color, ancestry, national origin, religion, disability, sex, gender identity or expression, sexual orientation, veteran status, or any other protected class.

Patreon offers a competitive benefits package including and not limited to salary, equity plans, healthcare, unlimited paid time off, company holidays and recharge days, commuter benefits, lifestyle stipends, learning and development stipends, patronage, parental leave, and 401k plan with matching.