About PointOne
We’re building an AI system to automate timekeeping and firm intelligence for law firms, starting with timekeeping and billing. The business of law is rapidly changing in response to AI. We’re using our entry wedge — and the rich data stream it generates — to help firms transition their businesses into the AI era.
Our team is a mix of legal, AI, and startup backgrounds from Fenwick & West, Applied Intuition, and Google. We recently raised a seed round from Y Combinator, Bessemer, 8VC, General Catalyst, and several of our early customers (who asked to invest after using the product).
We are getting strong pull from the market and can’t keep up with the volume of customer demands — this is where you come in.
Who You Are
You have 3+ years of experience in security engineering, DevSecOps, or infrastructure engineering with a strong security focus — ideally in a fast-paced startup or cloud-native environment.
You have:
Deep familiarity with AWS (IAM, VPCs, KMS, CloudTrail, etc.) and securing serverless or microservice architectures
Hands-on experience implementing secure infrastructure, identity and access controls, and secure-by-default patterns
A pragmatic understanding of compliance frameworks (SOC 2, ISO 27001) and how to build toward them
Comfort with vulnerability management, incident response, and tooling for security monitoring
Strong coding ability — enough to build security automation, write tests, and reason about application risks
A “design for failure” mindset — you think in terms of blast radius, least privilege, and fault tolerance
A bias for shipping fast while holding a high bar for reliability and trust
Excitement to work in-person at an early-stage company and shape foundational systems
What You’ll Do
You’ll be the first dedicated security engineer at PointOne. You’ll own our security posture end-to-end and ensure we scale with trust, resilience, and strong controls in place.
To accomplish this, you will:
Design and implement access controls, secrets management, and network boundaries across AWS
Lead the technical implementation of SOC 2 Type II and other compliance initiatives
Build monitoring and alerting systems for intrusion detection, audit logging, and anomalous behavior
Help secure our backend (Go microservices), frontend (React/TypeScript), and desktop/mobile apps
Work with engineering to embed secure development practices into our CI/CD pipelines
Review code and architecture for vulnerabilities or bad patterns — and propose better defaults
Be the internal point person for security questions from customers, auditors, and partners
Establish and rehearse an incident response plan, and coordinate tabletop exercises
This is going to be intense early-stage startup work; the person we hire is expected to become a leader and help form the company’s vision and culture.
Day in the Life
As our first Security Engineer, you’ll balance hands-on implementation with strategic ownership. Here’s a typical day:
10:00 AM. Jump into our daily standup — you flag a CloudWatch alert showing unexpected spikes in Lambda invocations.
11:15 AM. Pair with an engineer reviewing the design of a new token-based auth flow for a customer-facing integration.
12:45 PM. Draft a short internal note outlining proposed changes to IAM policies for tighter isolation between staging and production.
2:00 PM. Audit our S3 bucket policies and catch one that doesn’t enforce encryption at rest. You patch it and write a linter to prevent regression.
3:45 PM. Meet with the CTO and a founder to scope the roadmap toward SOC 2 readiness. You outline what’s missing and where we can build fast.
5:15 PM. Review the logging and alerting setup for a new service that ingests timekeeping data. You flag a gap in audit logging and propose an instrumentation plan.
6:30 PM. Team dinner and talk through the potential impact of AI on security tooling.