Security Engineer

Rive is a new way to build production-ready UI and graphics — with rich interactivity and state-driven animation. We're on a mission to make hard-coded graphics a thing of the past with a new general-purpose graphics format for all types of software and Ul. Rive empowers teams to iterate faster and build better products.

We’ve seen tremendous organic growth over the last few years. Our innovative customers include tech giants, game studios, consumer apps with millions of users… there are even Rive pixels in space! 

As our enterprise customer adoption increases so does our need for trust, security and SOC 2 and ISO 27001 certification. We're looking for a Security Engineer with a strong DevOps background who can help us continuously improve our infrastructure, implement best-in-class security practices, and lead our certification efforts. Help shape the security function as Rive grows - with the opportunity to grow into a security leadership role.

Some of what you’ll do

• Security & Compliance
• Lead Rive’s SOC 2, ISO 27001, and other security certification processes, partnering with external vendors and auditors.
• Maintain and document security policies, controls, and procedures across infrastructure and engineering.
• Monitor and maintain security posture (e.g. IAM, encryption, vulnerability scans, audit logs).
• Work with teams across the company to implement security-by-design practices.
• Be the point of contact for all presales customer security reviews.
  
• DevOps & Infrastructure
• Automate compliance requirements using tools like Vanta, Drata, or similar.
• Implement the security solutions you determine are necessary from infrastructure to code review.
• Understand the system architecture and user data flows making security recommendations around existing and future architecture.
• Implement infrastructure-as-code practices and support secure deployment pipelines.
• Collaborate with engineering teams to ensure systems are secure, scalable, and maintainable.
• Improve our CI/CD pipelines, observability, and cloud infrastructure on AWS.

• Security Culture & Enablement
• Conduct periodic risk assessments, access reviews, and incident response drills.
• Educate and empower the team to follow secure development and data handling practices.

About You

• 3+ years in Security Engineering with a strong DevOps, Infrastructure background ideally with a SaaS startup.
• Prior experience leading an organization through the audit and certification process with security frameworks like SOC 2, ISO 27001, or NIST.
• Hands-on experience with compliance tooling (Vanta, Drata, Secureframe) and writing policies.
• Strong scripting/automation skills (Python, Bash, Terraform, etc.).
• Experience working with cloud platforms (AWS in particular), containerization, and modern CI/CD.
• Proactive and diplomatic communicator who can work autonomously, cross-functionally and translate security needs into practical solutions.

Location: San Francisco, CA (hybrid) or US and Canada (remote)

Compensation and benefits: We offer a remote centric work environment, comprehensive health, dental, and vision coverage as well as stock options. Rive is committed to fair and equitable compensation practices. Compensation may depend on various factors including, but not limited to relevant work experience, skills, and geographic location. The salary range for this role is $135,000 to $170,000. 

At Rive we are a global group of passionate designers and developers who believe in transparency, failing fast, quick iteration, and experimentation. We aim to build a diverse and inclusive culture where everyone feels supported.

Backed by prominent VCs like a16z and Two Sigma Ventures, we have an incredible opportunity to be game changers in the world of creating interactive content. Help us accelerate the design industry's transition to Rive!