
Staff Security Engineer

Norm AI

IT
New York, NY, USA
USD 235k-270k / year + Equity
Posted on Jul 9, 2025

About Norm Ai

Norm Ai is the Compliance AI Platform for legal standards-based reasoning & workflow automation.

We developed the first Domain Specific Language (DSL) for fully representing regulatory requirements in AI code. This DSL, deployed with our enterprise platform, enables Norm clients to transform workflows and apply compliance checks at the source of business activities.

We are setting the norms for compliance processes at the largest institutions in the world. Our client base includes firms with a combined $17 Trillion in AUM, and growing quickly.

Our Software Engineers came from Palantir, Google, Meta, AWS, Harvard, Stanford, and MIT. Our Legal Engineers are from Harvard Law, Stanford Law, Yale Law, Sullivan & Cromwell, Simpson Thacher, Davis Polk, Greenberg Traurig, the SEC, and FINRA.

We have raised $85 million over the past 18 months from top VCs and global institutions, including Vanguard, Blackstone, Bain Capital, Coatue, Craft Ventures, New York Life, Citi, TIAA, and Marc Benioff.

This Role

As a Security Engineer on the Platform team at Norm Ai, you will architect and build the security foundation for our AI-driven compliance platform. You'll work at the intersection of product security, infrastructure protection, and AI safety, building foundational security services that enable both our platform reliability and our engineering teams' velocity. You will define, build, and own the authentication and authorization posture that protects our entire ecosystem: our core multi-tenant platform and our growing number of isolated, single-tenant customer deployments. You'll have significant input into our security architecture and the freedom to propose and implement security improvements across our entire technology stack.

Our customers depend on us to deliver a secure, trustworthy, and compliant platform for managing regulatory requirements. Earning and maintaining the trust of the world's largest institutions is paramount to our success.

You Will:

  • Design, implement, and improve core security services such as secure authentication systems, access control frameworks, and data protection mechanisms for our AI-driven compliance platform

  • Build secure-by-default libraries and tools that make the secure path the easiest and most attractive choice for developers

  • Review security-critical code and own key security components, including authentication, access control, and data protection systems

  • Contribute meaningfully to the Norm AI codebase, focusing on security enhancements for our DSL execution engine and compliance workflows

  • Create comprehensive security monitoring and alerting systems to provide visibility into the health and security posture of our infrastructure

  • Audit the existing codebase for vulnerabilities, particularly in our LLM client and customer data handling

  • Improve our static analysis and vulnerability management tooling

  • Conduct red team exercises and penetration testing to identify security gaps

  • Participate in and drive mitigation strategies during security-related incident responses

  • Partner closely with engineering teams to incorporate secure design principles at every stage of development

  • Mentor other engineers on security best practices and secure development methodologies

Skills & Experience - Core

  • 4+ years of experience in product security, application security, offensive security, and/or security-focused software engineering

  • Strong proficiency in developing secure, cloud-native, containerized applications in at least one programming language commonly used for backend development; Python experience is preferred

  • Demonstrated experience writing high-quality software and raising the quality bar of software engineering teams

  • Proven ability to identify software vulnerabilities, demonstrated through CVEs, bug bounty awards, blog posts, or prior work experience

  • Track record of building reliable and scalable security systems and controls

  • Proficiency with data storage technologies such as PostgreSQL and Redis from a security perspective

  • Experience with observability and security monitoring tools such as Datadog or OpenTelemetry

  • Proficiency with at least one of the major cloud providers, preferably both AWS and Azure

  • Proficiency with Infrastructure as Code (IaC) tools, preferably Terraform

  • Strong communication and collaboration skills, particularly with engineering teams

Skills & Experience - Pluses

  • Experience in AI/ML infrastructure security and understanding AI safety considerations

  • Background working on complex compliance or regulatory security systems (SOC 2, ISO 27001, FINRA, SEC requirements)

  • Prior experience with OpenFGA or other Zanzibar-style authorization implementations

  • Proven ability to design and ship customer-facing enterprise security features including identity federation (SAML/OIDC), data-at-rest/in-transit encryption, and auditable logging

  • Open source security contributions or published security research

What Success Looks Like - 30 Days

Norm AI platform onboarding: Rapidly familiarize yourself with Norm AI's existing infrastructure, architecture, and the unique security challenges of our AI-driven compliance solutions.

Security assessment: Identify key areas for security improvement in existing foundational services and other aspects of Norm AI's architecture.

Monitoring & alerting: Implement essential security improvements to our monitoring and alerting systems to provide visibility into the security health and performance of our infrastructure.

What Success Looks Like - 60 Days

Security enhancement: Based on security gaps you observe over the first few weeks, design and implement an enhancement to a core platform security service, such as improving authentication mechanisms for our compliance data access or strengthening our platform security.

Documentation & best practices: Contribute to internal documentation by creating or significantly improving security documentation for a key platform component in a way that helps both engineers and their AI coding tools better understand secure development practices. Also contribute to external documentation that can be shared with Norm’s clients.

What Success Looks Like - 90 Days

Platform security scalability: Dive deep into the security aspects of our platform code and propose security enhancements that improve its resilience and scalability while maintaining compliance with regulatory requirements.

Knowledge sharing: Begin mentoring other engineers on security best practices by leveraging your experience to improve their security awareness, enhance their understanding of secure coding practices, and foster better security-conscious development across the team.

Comp and Benefits

$235,000 - $270,000 a year plus equity.

The range displayed in this job posting reflects the minimum and maximum target for new hire salary for this position. Within the range, individual pay is determined by various factors, including job-related skills (as uncovered during the interview process), experience, and relevant education or training. Please note that the compensation details listed here reflect the base salary only, and do not include equity or benefits. We offer a competitive salary along with equity compensation. Our comprehensive benefits package includes a 401(k) plan with an employer match. Employees enjoy top-tier insurance coverage, encompassing health, dental, hospital, accident, and vision plans. For candidates needing to relocate to NYC, we provide relocation reimbursement. You'll thrive in our fast-paced learning environment where professional growth is constant.

We embrace a flexible hybrid model, typically in-office 3–4 days per week.

If you’re interested in the role but aren’t sure whether you’re a good fit, we’d still like to hear from you.