Application Security Engineer
Parspec
📍Bangalore, IN
Posted 2mo ago · via ashby
Job Description
About Parspec
Parspec is building the AI and digital infrastructure for the construction materials supply chain.
Construction is a $15 trillion industry, yet the systems that underpin the buying and selling of materials remain fragmented, manual, and disconnected. Distributors and rep agencies rely on spreadsheets, PDFs, phone calls, and siloed tools to find new products and to quote and manage projects, creating delays, errors, and margin erosion across the supply chain.
Parspec is an AI-native platform that powers how construction products are discovered, bought, and sold. Trusted by more than 300 MEP distributors and rep agencies, Parspec helps project-driven businesses bid faster, win more work, and operate more profitably. By combining product intelligence, AI-powered workflows, and a connected ecosystem, Parspec is laying the foundation for a more intelligent, efficient construction supply chain.
Founded in 2021 and headquartered in San Mateo, California, Parspec has raised $31 million from leading deep-tech and construction-technology investors.
The Opportunity
We are looking for Parspec’s first dedicated Application Security Engineer. That means you are not writing policy documents and waiting for someone else to fix things — you are finding vulnerabilities, fixing them yourself, and building the automated systems that prevent them from coming back.
We are an 80-person company with a Django/React stack running on AWS. We have real security debt (we know where it is) and a Canadian data residency deployment coming that requires SOC2 compliance. We need someone who can move fast, ship fixes, and build security into our CI/CD pipeline — not someone who produces quarterly audit reports.
We are an AI-augmented engineering team. You will use Claude Code, automated scanning, and AI-assisted code review to do the work of a traditional 3-person security team. If that excites you, this is your role.
What You Will Achieve and Key Responsibilities
Domain Ownership & Product Development
Own application security end-to-end — code-level security review of Django REST APIs, React frontend, and Python backend. You understand how auth works, how serializers can leak data, how ORM queries can be injected, and how to fix all of it.
Fix real vulnerabilities from day one — we have known issues including SSRF, IDOR patterns, unsafe code execution, and permission gaps. Your first month is hands-on remediation in our Django codebase, not assessment.
Pen test and remediate — conduct regular security assessments of our web applications, APIs, and cloud infrastructure. You don’t just write a report — you open the PR to fix what you find.
Secure our cloud infrastructure — own AWS security posture (IAM, VPC, S3, ECS) and support the Canadian data residency deployment with proper network isolation and encryption at rest and in transit.
AI-Driven Development & Execution
Build automated security gates into CI/CD — every PR should be scanned for OWASP Top 10 issues automatically. You will build this into our GitHub Actions pipeline so security review scales without you being a bottleneck.
Use Claude Code, automated scanning, and AI-assisted code review to operate at 10x the speed of traditional security work — one person, amplified.
Continuously improve security workflows using AI tools and automated pipelines to triage, scan, and remediate vulnerabilities faster.
Shipping, Testing & Quality
Drive SOC2 compliance with technical controls, not just documentation — automate evidence collection where possible and support the compliance journey end-to-end.
Ensure security standards are met across every shipped feature through automated scanning (SAST, DAST, SCA tooling), AI-assisted code review, and manual validation.
Act as the quality bar for application security across the entire codebase, including AI-generated code contributions.
Collaboration & Code Review
Respond to incidents as the security incident commander — triage quickly, build runbooks, and ensure the team learns from every incident.
Review PRs across the engineering org for security implications, providing clear, actionable feedback that engineers can act on immediately.
Work with engineering and product teams to challenge assumptions, raise security requirements early in the design process, and improve solutions before they ship.
Systems & Playbook Development
Build the security function from scratch — you are the first. Your decisions, patterns, and playbooks become the foundation that the entire team operates from.
Define best practices for secure development, security testing, and incident response across the engineering organization.
Create and maintain security runbooks, CLAUDE.md security conventions, and automated pipelines that make secure-by-default the standard — not the exception.
Why This Matters
Engineering at Parspec is core to transforming a massive, underserved industry. As our first security engineer, you are building the foundation that protects real businesses — enterprise customers whose operations depend on the platform you secure. Your work directly shapes the company’s ability to scale, expand to new markets, and earn the trust of its customers.
You will help define a new model for how modern engineering teams build securely — leveraging AI to dramatically increase security coverage while maintaining velocity. We are not hardening a mature system; there is meaningful, high-impact work from day one.
Who You Are
Mandatory Qualifications
4+ years in application security (web applications, APIs, cloud).
Hands-on experience securing Python/Django applications — you can read and write Python fluently.
Deep knowledge of OWASP Top 10 — not just the list, but how each vulnerability manifests in real code and how to fix it.
AWS security experience (IAM, VPC, security groups, encryption, S3 policies).
Experience building security automation into CI/CD pipelines (SAST, DAST, SCA tooling).
Pen testing skills — you can find the IDOR, the SSRF, the auth bypass, and you have done it on production systems.
Python and/or Bash proficiency for scripting, automation, and tool building.
Comfortable with AI coding tools (Claude Code, Copilot, Cursor) — or eager to become so.
Preferred Qualifications
Experience with Django REST Framework specifically.
React/TypeScript security awareness (XSS, CSP, auth token handling).
SOC2 or ISO 27001 compliance experience with technical controls, not just audit prep.
Bug bounty track record or CTF experience.
DevSecOps experience — you have built the pipeline, not just used it.
Terraform/IaC security experience.
What We Offer
Competitive salary and discretionary bonus, plus equity options
Unlimited PTO policy
Flexible hybrid work environment
Regular team offsites and a budget for professional development
Preferred Location: Bangalore, with regular in-office presence
Join Us – Lead the Transformation!
At Parspec, we recognize that traditional job descriptions don’t always capture the full range of your unique abilities—and that’s perfectly okay. You may not meet every requirement, but if you bring a mix of experiences, fresh perspectives, and a passion that aligns with our mission, we want to hear from you!
The Parspec team believes that varied backgrounds drive better outcomes and fuel innovation. We are a team of self-starters that lead from every seat. We think big, set a standard of excellence and are committed to diversity and a discrimination-free workplace. We welcome applicants from all walks of life to join us and help shape the future at Parspec.
How to Apply
Submit your application and resume highlighting your achievements. Apply now and help drive transformative change in one of the world’s oldest and largest industries!
Details
- Department: Parspec India
- Work Type: hybrid
- Locations: Bangalore, IN
- Posted: February 17, 2026
- Source: ashby