Security Architect

Security Engineer | Full Time | Remote

Location: United States

Posted: 10 days ago

Salary: Not specified


Job Description


About the Role: Your Mission as Our Security Architect

Penguin Ai is searching for a highly technical, hands-on Security Architect to lead our security engineering and compliance initiatives. Let's be crystal clear: this is NOT a CISO role. We need someone who thrives in the technical trenches, someone who lives and breathes code, while still keeping a strategic eye on the horizon.


Think of it this way: you'll be spending 80% of your time with your hands in the dirt (or rather, in the code!) doing actual security work, and 20% on the crucial management and coordination that keeps our ship tight.


This role is paramount as we partner with major Healthcare Enterprises and navigate a labyrinth of compliance frameworks. We're looking for someone with true startup DNA – a quick-moving, multi-hat-wearing wizard who can embed security into our very core, not just bolt it on as an afterthought.


Your Day-To-Day Superpowers: What You'll Actually Do:

Security Engineering & Assessment; The Sentinel's Watch:

  • Pen-Test Pro: Regularly raid our own infrastructure and applications with security assessments and penetration tests. Find the weaknesses before the bad guys do!
  • Cloud Guardian (AWS): Implement and maintain iron-clad security controls for our cloud infrastructure and all our endpoints
  • DevSecOps Maestro: Design, build, and maintain our DevSecOps pipelines and tooling, making security an effortless part of our development flow
  • Code Review Crusader: Perform security code reviews and squash vulnerabilities in production code (React, Python, FastAPI) like a bug-busting superhero
  • AI Defence Strategist: Implement robust security guardrails for our cutting-edge LLM-based agentic workflows and AI systems

Compliance & Risk Management; The Rulebook Revolutionary:

  • Compliance Captain: Own and meticulously maintain our SOC2 Type 2, ISO 27001, and HIPAA compliance programs
  • DDQ Dragon-Slayer: Conquer those daunting Security Due Diligence Questionnaires (DDQs) from our Healthcare Enterprise customers with precision and expertise
  • Cross-Functional Connector: Coordinate seamlessly across our engineering, product, and operations teams to weave security controls into every fibre of our platform
  • Vendor Whisperer: Manage relationships with security vendors and external auditors, ensuring we always have the best allies

Developer Enablement; The Security Sensei:

  • Code Review Mentor: Review and fix security vulnerabilities in code written by other developers, turning potential threats into learning opportunities
  • OWASP Jedi: Train development teams on OWASP Top 10 and secure coding practices
  • Security Trainer: Conduct engaging security training sessions to level up everyone's game
  • Proactive Protector: Embed security best practices into every stage of the development lifecycle

Incident Response; The First Responder:

  • Incident Commander: Own our incident response processes from start to finish
  • Root Cause Analyst: Dive deep to conduct thorough root cause analyses for security incidents
  • Communication Czar: Manage customer communications during security events with transparency and policy adherence
  • Preventative Pioneer: Implement measures to prevent future incidents based on lessons learned

Management Responsibilities (Your 20% Strategic Edge):

  • Strategic Reporter: Report directly to the Head of Engineering (Co-founders) on risk assessments and our overall security posture
  • Audit Ace: Provide oversight and spearhead external compliance audits
  • Update Oracle: Deliver weekly security updates to management, keeping everyone informed
  • Policy Perfector: Review and update security policies and procedures (no need to author from scratch – you're refining the masterpiece!)

What We're Looking For: Your Security Arsenal!

We need someone with an extraordinary combination of:

  • Seasoned Security Veteran: 6+ years of hands-on information security experience
  • Cloud Commando (AWS): Deep expertise in cloud security, specifically AWS
  • Python Powerhouse: Strong proficiency in Python and the ability to write and review secure code like it's second nature
  • Tech Stack Titan: Experience with React, FastAPI, Docker, Kubernetes, GitHub, and Ubuntu
  • Penetration Test Pro: A proven track record of conducting penetration tests and vulnerability assessments
  • DevSecOps Driver: Hands-on DevSecOps implementation experience that makes security seamless

Compliance & Governance; Your Strategic Blueprint:

  • SOC2/ISO 27001 Architect: Direct experience implementing and maintaining SOC2 Type 2 and ISO 27001 programs
  • HIPAA Hero: HIPAA compliance experience in healthcare or other regulated environments
  • DDQ Dynamo: Experience responding to complex customer security questionnaires and RFPs
  • Framework Fanatic: Working knowledge of key security frameworks (NIST, CIS, etc.)

AI/LLM Security; Your Futuristic Vision:

  • LLM Guardian: A solid understanding of Large Language Model (LLM) security risks and guardrails
  • AI/ML Pipeline Protector: Experience securing AI/ML pipelines and agentic systems
  • Responsible AI Advocate: Familiarity with AI safety and responsible AI practices

Soft Skills; Your Secret Sauce:

  • Cross-Functional Communicator: Excellent communication skills for seamless cross-functional collaboration
  • Global Team Player: Comfortable working with globally distributed teams, especially in India
  • Self-Starter Samurai: A self-starter mentality with strong ownership – you don't wait to be told
  • Security Storyteller: Ability to translate complex security concepts into understandable, engaging language for non-technical stakeholders

Your Tech Stack!

  • Languages: Python, JavaScript/React
  • Frameworks: FastAPI, PyTorch
  • Infrastructure: AWS, Docker, Kubernetes, GitHub Actions
  • AI/ML: Various LLM platforms and agentic frameworks
  • OS: Ubuntu Linux
  • Security Tools: You’ll help us select and implement 

Bonus Points: Your Secret Weapons!

  • Have battled (and won!) in a startup or high-growth environment
  • Hold relevant security certifications (CISSP, CEH, OSCP, GIAC, etc.) - your badges of honour!
  • Have prior experience in healthcare technology or regulated industries
  • Have experience managing distributed security teams
  • Possess a background in both offensive and defensive security - you know how to think like the enemy and build impenetrable defences

The Culture Fit: Join Our Colony!

You'll waddle with us if:

  • You like your coffee with a side of delightful chaos
  • You're fuelled by complexity and obsessed with delivering amazing results
  • You enjoy wearing multiple hats (sometimes on the same Zoom call)
  • You believe customer success is more than just "support tickets" – it’s long-term impact

Education & Qualifications: Brainiac Basics

A Bachelor's degree in Computer Science, Engineering, Data Science, or a related field


Comp & Perks: Because Even Superheroes Need Support!

  • Competitive salary: We reward greatness!
  • Medical, vision, and dental coverage: Keep you healthy and smiling!
  • Generous vacation policy and company holidays: Recharge and conquer!
  • A front-row seat in one of healthcare's most exciting AI companies – witness history in the making!
