Security Engineer, Automation

About Mercor

Mercor is defining the future of work. We partner with leading AI labs and enterprises to provide the human intelligence essential to AI development.

Our vast talent network trains frontier AI models in the same way teachers teach students: by sharing knowledge, experience, and context that can't be captured in code alone. Today, more than 30,000 experts in our network collectively earn over $2 million a day.

Mercor is creating a new category of work where expertise powers AI advancement. Achieving this requires an ambitious, fast-paced and deeply committed team. You’ll work alongside researchers, operators, and AI companies at the forefront of shaping the systems that are redefining society.

Mercor is a profitable Series C company valued at $10 billion. We work in-person five days a week in our San Francisco, NYC, or London offices.

You'll be the force multiplier for a security team that needs to operate like it's three times its size. There are secrets to migrate to Vault, detection rules to write, SAST/DAST pipelines to tune, lifecycle workflows to automate, and security tooling to integrate across every surface. This is not a DevOps role with a security label. You'll build the automation layer that makes a lean security team operate at multiples of its size - writing the pipelines, integrations, and tooling that eliminate manual work and accelerate every security function.

We use AI heavily in our own security work. You should be comfortable building alongside AI code-gen tools, using LLMs to accelerate development, and treating automation as the default answer to any repeatable process. If you see a manual workflow and immediately think about how to script it, you'll fit in here.

We're in-person five days a week at our SF headquarters, with first Fridays remote.

What You'll Build:

• Secrets migration pipelines - moving application secrets into HashiCorp Vault with zero downtime

• Security orchestration and automated response (SOAR) workflows - connecting alerts from Panther SIEM, SentinelOne EDR, and Wiz CSPM into automated investigation and response playbooks

• SAST/DAST pipeline tuning - reducing false positives, integrating findings into developer workflows, and building feedback loops that improve signal over time

• Identity lifecycle automation - onboarding/offboarding workflows that provision and deprovision access across 53+ SaaS applications via Okta

• Detection-as-code pipelines - version-controlled detection rules that deploy through CI/CD, with testing and validation built in

• Security metrics and reporting dashboards - automated collection of KPIs that give leadership visibility without manual spreadsheet work

What We're Looking For

• You've built automation that a security team relies on daily - not just proof-of-concept scripts

• Strong software engineering skills in Python, TypeScript, or Go - you write production-quality code with tests, error handling, and documentation

• Experience with CI/CD systems (GitHub Actions, CircleCI, or similar) - you've built pipelines, not just used them

• Familiarity with secrets management (HashiCorp Vault, AWS Secrets Manager) - migration, rotation, and dynamic credential patterns

• Experience integrating security tools via APIs - SIEMs, EDR, CSPM, identity providers, ticketing systems

• You understand detection engineering well enough to write and tune rules, even if it's not your primary focus

• 5+ years of professional experience in security engineering, security automation, DevSecOps, or software engineering with a security focus

Bonus Points

• Experience with SOAR platforms or building custom orchestration workflows

• Familiarity with infrastructure-as-code (Terraform, CloudFormation) and GitOps patterns

• Experience automating compliance evidence collection (SOC 2, ISO 27001)

• You've built integrations between identity providers (Okta, Azure AD) and downstream systems

• Background in detection engineering - writing Sigma rules, Panther detections, or similar

• You've measured and demonstrated the ROI of security automation in a previous role

Why Mercor

• Maximum leverage. Every automation you build multiplies the output of the entire security team. You'll see direct, measurable impact on team capacity.

• AI-native automation. You'll use frontier AI tools daily - for code generation, pipeline development, and anything that benefits from an AI co-pilot.

• Ownership from day one. You'll own the entire security automation domain - from secrets management to SOAR to detection pipelines.

• See the future early. Working alongside AI labs means you'll understand frontier model capabilities months before the market.

Benefits

• Equity ownership in a high-growth, profitable company

• Relocation support to San Francisco, NYC, or London as needed

• Housing support near our SF office

• Daily meal stipend

• Premium fitness membership at Equinox

• Comprehensive health insurance