About PlayPower Labs

PlayPower Labs builds software for leading EdTech companies that serve millions of learners.
We help our clients solve hard product and engineering problems so they can deliver better learner experiences through advanced technology, thoughtful design, and reliable execution.
We’ve been fully remote since before COVID and plan to stay remote. We are US-based, with a development center in Gandhinagar, India.

What We Believe

• We believe technology is a force multiplier for education.

• Great software can make learning more engaging, effective, personalized, and accessible for millions of learners worldwide. The future of education will be shaped by advanced online learning, AI, and education data, and we want to help build that future.

• Education data combined with AI is opening up new ways to create adaptive, personalized learning experiences. We’re here to turn those opportunities into real products that learners, educators, and EdTech companies can actually use.

The Role

We’re looking for someone security-minded, product-aware, and high-energy enough to build the security function without turning it into a paperwork factory.

You’ll own security and compliance across product, cloud, engineering workflows, AI tools, agents, MCPs, vendors, and internal processes. The goal is simple: help us move fast, ship safely, and build trust without slowing the team down for no reason.

This is for someone who can create practical guardrails, spot real risks, and make security feel like an advantage, not a blocker.

What You’ll Do

• 🧿 Own security and compliance across product, engineering, cloud, vendors, and internal systems.

• 🗝️ Build practical security controls around auth, access, secrets, data privacy, infrastructure, and deployments.

• 🕹️ Create safe usage guidelines for AI tools, agents, MCP servers, tool calling, and automation workflows.

• 🧪 Run vulnerability management, security reviews, risk assessments, and incident response planning.

• 🧾 Drive compliance readiness for frameworks like SOC 2, ISO 27001, GDPR, or similar.

• 🧯 Help teams handle sensitive data properly, especially when using AI tools and third-party platforms.

• 🧠 Train the team on secure development, AI safety, privacy basics, and common attack patterns.

• 🪄 Bring a startup mindset: fast decisions, clear ownership, practical fixes, and no security theater.

What We’re Looking For

• 🕵️ Strong experience in security, compliance, risk, or application/cloud security.

• 🧰 Good understanding of OWASP, cloud security, IAM, secrets management, vulnerability scanning, CI/CD security, and incident response.

• 🗺️ Familiarity with compliance frameworks like SOC 2, ISO 27001, GDPR, HIPAA, or similar.

• 🧬 AI-native mindset: you understand the risks around AI tools, agents, MCPs, data leakage, permissions, and prompt/tool misuse.

• 🧊 Product-minded, practical, calm under pressure, and allergic to pointless bureaucracy.

Bonus Points

• 🏗️ You’ve built security/compliance programs from scratch at a startup.

• 🛰️ You’ve worked on AI governance, agent security, MCP security, or LLM data privacy.

• 🧲 You can automate security checks, compliance evidence, access reviews, or vendor reviews.

• 🏁 You’ve taken a company through SOC 2 or ISO 27001 successfully.

What We Offer

Remote work, real ownership, space to build the security function properly, and a small team that wants security to be sharp, practical, and built into how we ship.