TestPros, Inc.

Independent IT Assessment and Managed Services for Cybersecurity, DFARS, CMMC, Accessibility, Test Automation, and More.

Security Controls Assessor – OSCAL, Part Time

Security Engineer | Part Time | Remote | Senior | Team 51-200 | Since 1988 | H1B No Sponsor

Location

United States

Posted

3 days ago

Salary

$50 - $85 / hour

Seniority

Senior

Professional Certificate | 5 yrs exp | English

Job Description

  • Conduct independent security control compliance assessments using guidelines from NIST (800-53, 800-171) and assessment automation via OSCAL
  • Utilize FedRAMP experience
  • Collaborate with U.S. Government and Commercial environments
  • Produce assessments related to security controls and prepare reports
  • Coordinate with multi-agency or cross-organizational IT teams

Job Requirements

  • Proven OSCAL experience (at least two years)
  • 5+ years of hands-on security controls assessment and development of Security Assessment Plan (SAP), Security Assessment Report (SAR), and Plan of Actions and Milestones (POA&M)
  • Experience with RegScale, Paramify, or similar tools
  • Experience with government, public sector, or municipal IT environments is highly preferred
  • Ability to write clear, professional, and actionable technical reports
  • Full U.S. Citizenship, and ability to pass an extensive background check.

Benefits

  • competitive salary
  • medical/dental/vision insurance
  • life insurance
  • paid time off
  • paid holidays
  • 401(k) retirement plan with company match
  • opportunities for professional growth
  • cell phone discounts
  • and much more!

More Security Engineer Jobs

AI Red Team Security Engineer

Ethos

Ethos blends industry expertise and technology to provide accessible and affordable life insurance coverage.

Full Time | Remote | Team 201-500 | H1B Sponsor

  • Simulate real-world adversaries and exploit vulnerabilities across applications and AI/ML systems
  • Design and execute adversarial attacks against LLM-powered products
  • Test RAG pipelines for data exfiltration and unauthorized knowledge extraction
  • Conduct penetration tests across various environments
  • Perform red team exercises simulating APT actors
  • Use AI models and tools to accelerate vulnerability discovery and exploit development

United States
$152K - $269K / year

Intern, Blue Team

It4us Cyber Security

Ensuring the cyber security of our friends and clients!

Internship | Remote | Team 51-200 | Since 2010 | H1B No Sponsor

  • We are looking for someone passionate about technology and information security, with a technical, investigative profile and a strong desire to learn.
  • This opportunity is ideal for students interested in working in a **Blue Team** environment, with exposure to both offensive and defensive security topics, as well as activities involving **Linux, development, automation and environment monitoring**.
  • We seek a curious person who likes to understand how things work, get hands-on, study security, and develop technical solutions.

**Main responsibilities**

  • Support activities related to **Information Security**;
  • Assist with security analyses in Linux environments;
  • Support investigations, troubleshooting and log analysis;
  • Assist with activities related to **security monitoring (SOC)**;
  • Support **offensive security** initiatives, such as research, validation and security testing;
  • Develop or support automations, scripts and technical improvements;
  • Assist with integrations and analyses in security tools;
  • Participate in studies, tests and continuous improvements of the environments.

Brazil

Enterprise Security Engineer

Compa

Compa is a venture-backed SaaS startup revolutionizing the future of compensation. In a dynamic job market with hiring challenges, accountability, and the rise of AI, companies need the best data to stay ahead of industry changes, competition, and costs. Compa has developed the premier real-time compensation data platform, delivering top-tier compensation intelligence to leading enterprise teams. Compa is a compensation intelligence company built to augment enterprise compensation teams in the era of AI. Our customers include the world’s biggest companies: Apple, NVIDIA, Tesla, Mastercard, T-Mobile, Sanofi, Moderna, Gilead Sciences, and more.

Full Time | Remote | Team 70 | Since 2020

About Compa

Compa is a venture-backed AI startup revolutionizing the future of compensation. In a dynamic job market with hiring challenges, accountability, and the rise of AI, companies need the best data to stay ahead of industry changes, competition, and costs. Compa has developed the premier real-time compensation data platform, delivering top-tier compensation intelligence to leading enterprise teams. Compa is a compensation intelligence company built to augment enterprise compensation teams in the era of AI. Our customers include the world’s biggest companies: NVIDIA, Stripe, DoorDash, Open AI, TMobile, Moderna, Workday, Ulta, Target, and more.

Locations: Compa headquarters are located in Irvine, California, with growing sites in Denver, Colorado and San Francisco, California. We’re a collaborative, curious, and driven team that values transparency, ownership, and continuous learning and prioritizing in person work where possible.

The Role

We are looking for an Enterprise Security Engineer to help build and operate Compa’s security-first enterprise environment. This is a senior individual contributor role reporting directly to the Head of Security & IT. You'll own the systems that define how employees access, use, and interact with technology at Compa — identity, access, endpoints, and enterprise SaaS — and treat them as core security infrastructure, not traditional IT. This role sits on the Security team and partners closely with the rest of the business to help Compa move fast, securely, all while delivering a world-class employee experience. We're open to candidates earlier in their career who demonstrate strong systems thinking, sound judgment, and the ability to design for scale. We care more about what you can do than how many years you have been doing it.

In this role you will

  • Design, build, and operate Compa’s enterprise security systems, including identity, access control, endpoint management, and enterprise SaaS administration.
  • Own end-to-end identity and access workflows, including role-based access models, access packages, provisioning, deprovisioning, and ongoing access hygiene.
  • Support employees by ensuring reliable, secure access to the tools they need, resolving access and device issues with a strong bias toward durable, system-level fixes.
  • Implement security-first onboarding, offboarding, and access change processes that scale smoothly as the company grows.
  • Design and maintain integrations across enterprise security systems (identity, devices, SaaS, and supporting tooling) to ensure consistency, reliability, and scalability.
  • Automate wherever possible, reducing manual work and operational risk while improving reliability, auditability, and employee experience.
  • Operate and continuously improve endpoint and device management systems (for example: Jamf, Intune), balancing security requirements with usability.
  • Own the accuracy and consistency of enterprise security sources of truth, including users, devices, and applications.
  • Collaborate with the Security team on shared security operations responsibilities, helping improve detection, response, and investigation through better system design, signals, and operational readiness.
  • Continuously raise Compa’s defensive posture by evolving enterprise security controls such as just-in-time access, trusted devices, and zero trust, and by contributing to a strong internal security culture.
  • Support the security team with access reviews, audits, and investigations by providing high-quality system design, evidence, and operational context.
  • Maintain clear documentation, runbooks, and operational processes that enable resilience, self-service, and predictable failure modes.
  • Act as a force multiplier for the Security team by translating security intent into durable, well-designed enterprise systems that allow Compa to move fast, securely.

What success looks like

  • Employees have fast, secure access to the tools they need, with minimal friction and a consistently strong user experience.
  • Access is clean, role-based, least-privilege, continuously reviewed, and auditable.
  • Enterprise security systems scale smoothly as the company grows and evolve as new risks emerge.
  • Manual work is continuously reduced through automation, better system design, and clear sources of truth.
  • Enterprise systems provide reliable signals that support detection, response, and investigation.
  • Security, compliance, and operational needs reinforce each other rather than compete, enabling Compa to move fast, securely.

Minimum Qualifications

  • Demonstrated experience owning and operating enterprise systems such as identity providers, access management, endpoint management, or enterprise SaaS platforms.
  • Strong systems thinking: ability to reason about workflows, failure modes, scale, and operational risk.
  • Comfort designing access models and operational processes, not just executing tickets.
  • Ability to automate or significantly reduce manual operational work, and to improve systems over time.
  • Ability to support users effectively by diagnosing and resolving system issues with a bias toward durable fixes.
  • Clear written and verbal communication, especially around systems, trade-offs, and security implications.
  • Low ego, strong ownership mindset, and good judgment in ambiguous environments.
  • Gumption — experience working in high-growth or resource-constrained environments.

Preferred Qualifications

  • Experience operating identity and access management systems (for example: Microsoft Entra).
  • Experience designing role-based access control, access reviews, and provisioning workflows.
  • Familiarity with compliance frameworks such as SOC 2 and supporting audits through system evidence.
  • Experience contributing to detection, response, or investigation through identity, device, or access signals.
  • Experience supporting organizations with high security and privacy expectations.
  • Interest in continuously improving defensive posture through controls such as just-in-time access, trusted devices, or identity-driven security.
  • Interest in growing into broader ownership over Enterprise Security or IT as the company scales.

California
$175K - $205K / year

Security Software Engineer 5

Netflix

Described as the world's top internet television network, Netflix is a publicly-traded entertainment company offering video-on-demand and streaming media. As an

Role Description

This role focuses on building the access experience layer at Netflix — designing, building, and operating the services that make access control safe and straightforward for hundreds of internal engineering teams. You will be part of the Access Experience Engineering (AXE) team in Warsaw, Poland, focusing on the integration and experience layer that sits on top of Netflix's core access control infrastructure. You will partner closely with ACE and the Security Services Engineering organization, both primarily based in UCAN, as part of a follow-the-sun, async-first model.

  • Ownership of system design, implementation, partner integration, rollout strategy, and maintenance of access tooling and integration services.
  • Work on the adoption layer for Turnstile, Netflix's next-generation access management platform.
  • Develop APIs, SDKs, and self-service workflows that enable internal teams to implement access securely and consistently.
  • One engineer on this team will serve as an in-time-zone security anchor — a technical lead who brings a pragmatic, risk-aware lens to AXE's designs and implementations.

This role is based in Poland and can be performed remotely within the country.

Qualifications

  • Ability to work collaboratively to solve problems, navigate ambiguity, make and communicate self-directed decisions, and weigh trade-offs.
  • Experience building scalable, reliable, high-availability, and low-latency services.
  • Proficiency in modern languages (Java preferred, or Kotlin, Go, Python) and an openness to work across the tech stack as needed.
  • Experience designing and building developer-facing APIs, SDKs, and integration patterns that make complex systems straightforward for other teams to adopt.
  • Familiarity with access control and IAM concepts — identity, authentication, authorization, roles, groups, attributes, and resource models.
  • Experience with auth protocols, including OpenID Connect, OAuth, SAML, and SCIM.
  • Strong software engineering fundamentals with an interest in the domain.
  • Experience with GraphQL, gRPC, REST, or similar technologies.
  • Effective written communication skills and a product-focused mindset, with a security-first approach.

Requirements

  • Experience designing complex access control models using industry standards like RBAC, ABAC, or ReBAC.
  • Experience with continuous integration and continuous deployment in a cloud platform.
  • Experience with NoSQL technologies such as Hive, Presto, Spark, or Cassandra.
  • Experience with graph databases.
  • Experience with React or another modern frontend framework for full-stack work.

Inclusion

Inclusion is a Netflix value and we strive to host a meaningful interview experience for all candidates. If you want an accommodation/adjustment for a disability or any other reason during the hiring process, please send a request to your recruiting partner. We are an equal-opportunity employer and celebrate diversity, recognizing that diversity builds stronger teams. We approach diversity and inclusion seriously and thoughtfully. We do not discriminate on the basis of race, religion, color, ancestry, national origin, caste, sex, sexual orientation, gender, gender identity or expression, age, disability, medical condition, pregnancy, genetic makeup, marital status, or military service.

Poland