About Circuit

Circuit is building the world’s first manufacturing-focused AI knowledge and workflow platform. Our mission is to help industrial and manufacturing enterprises transform how they sell, support, and collaborate with their dealer, distributor, and customer networks by turning complex product data and documentation into actionable, intelligent workflows, from partner enablement to CPQ to technical support.

Backed by a senior team and early enterprise traction, we're moving fast, and we're looking for a Director of Security & IT to own and drive security, compliance, and IT across the company.

The Role

As Director of Security & IT, you will own Circuit's security posture end-to-end, across our application, infrastructure, and business systems. You will be the primary person responsible for keeping Circuit safe, compliant, and audit-ready, against traditional threats, AI-empowered adversaries, and the emerging risks that come with high-leverage use of AI across our own workflows and our customer-facing platform. You will report to the CTO and work closely with the infrastructure team and broader engineering org to find solutions that let us move fast without taking on unacceptable risk.

This is a hands-on individual contributor role at the director level. You will define policy and implement it. You will run threat models and fix the gaps you find. Circuit operates in a high-trust enterprise environment where customers and partners scrutinize our security practices carefully. You will be the person they are scrutinizing – and you will need to be proud of what they find.

This is an on-site position based in Austin, TX.

Key Responsibilities

Own company-wide security and compliance, spanning application security, infrastructure security, and IT, including full ownership of audits and compliance programs, such as SOC 2, and future ISO 27001 and ISO 42001 certifications.
Define, write, implement, and enforce organization-wide security policies, standards, and controls, and ensure they are actually followed.
Lead security incident preparedness and response, owning the plan, the tooling, and the execution when something goes wrong.
Own supply chain security across the software lifecycle, including dependency risk, build pipeline integrity, and third-party code provenance. Assess and mitigate security risks introduced by the company's use of AI tooling in development workflows and by agentic AI execution in production.
Oversee and operate security monitoring infrastructure, including EDR, SIEM, and related tooling, and respond to what you find.
Own access control across the organization, including identity and access management, provisioning and deprovisioning, and privileged access governance.
Lead vendor security assessments and manage security and compliance obligations embedded in customer contracts.
Serve as a subject-matter resource in customer and investor conversations when questions arise about Circuit's security architecture, practices, or compliance posture.
Own the penetration testing program, coordinating external testers and driving remediation.
Conduct ongoing vulnerability assessments and threat modeling across both application and business systems.
Own IT infrastructure and operations across the organization, with sufficient depth across both Google and Microsoft ecosystems to support internal needs and customer-facing requirements.
Own security across Circuit's applications and application infrastructure. Engineering builds and operates these systems; you ensure they are secure and stay that way.
Drive near-term security priorities including Vanta deployment, device security hardening, and robustification of our infrastructure and business systems.
Partner with the go-to-market team and leadership to shape Circuit's external security narrative, including trust pages, security documentation, and customer-facing materials, ensuring they accurately reflect our practices and resonate with enterprise buyers.

Experience

Proven track record owning security end-to-end at a fast-moving technology company, not just advising but doing, from policy definition through hands-on implementation.
Deep knowledge of security compliance programs including SOC 2 Type II, with practical experience running audits and managing the evidence lifecycle. Familiarity with ISO 27001 and ISO 42001 is a plus.
Strong threat modeling and vulnerability assessment skills across both application and infrastructure attack surfaces, with working knowledge of industry frameworks including MITRE ATT&CK, MITRE ATLAS, NIST CSF, and OWASP, including the OWASP LLM Top 10 for agentic and AI-facing systems.
Practical understanding of security risks introduced by AI-assisted and autonomous development workflows, including agentic coding tools that operate with minimal human oversight. Experience reasoning about prompt injection, data exfiltration, and uncontrolled tool use in both development and production environments. Familiarity with NIST AI RMF is a plus.
Hands-on experience operating and tuning security tooling including EDR, SIEM, vulnerability scanners, and secrets management systems.
Solid IT operations background, including hands-on administration of both Google Workspace and Microsoft 365 environments, MDM, IDP management (e.g. Okta, Azure AD, Google Identity), and endpoint security.
Experience securing cloud infrastructure (AWS, GCP, or Azure), including network segmentation, IAM, and secrets management.
Experience with access control design and administration across SaaS and cloud platforms at the organizational level.
Working knowledge of supply chain security risks and practices, including dependency scanning, third-party risk management, and vendor assessments.
Direct application infrastructure experience is a plus (e.g. containers, kubernetes, EKS, EC2)
Ability to read and write code in one or more languages is required.

Human Skills

Ownership mindset. Takes responsibility for outcomes, not just activities. If something is broken and in scope, it gets fixed, not escalated.
Doer with good judgment. Knows when to move fast and when to slow down and think. Builds solutions that will hold up over time, not just pass the next audit.
Strong communicator. Can translate technical risk into business language for leadership, customers, and investors. Able to shape how the company talks about security externally, not just answer questions but help craft the narrative. Translates compliance requirements into practical engineering constraints for developers.
Collaborative by default. Earns influence through expertise and relationships rather than authority. Understands that sustainable security requires buy-in, not just mandates.
Hungry to grow. Excited to build something from a strong foundation rather than inherit a mature program. Motivated by the scope of the problem, not the size of the team.
High integrity. Handles sensitive information and access with discretion. Does not cut corners on things that matter.

What We Offer

Early-Stage Ownership: Join at the ground floor of a company with real traction and momentum.
Empowered Culture: We value autonomy, candor, and craft. You'll be trusted to lead.
Cutting-Edge Tech: Work with the latest in AI, backend systems, and intelligent infrastructure.
Meaningful Impact: Shape a platform that transforms how organizations activate knowledge.
Holistic Benefits: Competitive comp, equity, 100% paid healthcare, 401K, flexible PTO, and a team that truly cares.