- Pushing secrets or credentials to code repos
- Writing vulnerable or buggy code
- Avoiding security scanners/testing because they “slow things down”
- Generally fighting against security measures (such as JIT permissions) instead of embracing them
On top of this, many startups don’t allocate budget or priority to security—even critical initiatives. Whether the company is pre-revenue, or focusing heavily on growth, this often translates into:
- Minimal (or no) dedicated security resources
- Incomplete processes for securing data and infrastructure
- A culture that sees security as an obstacle rather than a foundational need
The Core Question
Is it worth working at a startup if you care deeply about security? Or are bigger tech companies, with more established programs, dedicated budgets, and better compensation packages, simply the safer bet?
Personal Conclusion
After seeing how often security is sidelined/destroyed, I’m leaning toward the idea that security-minded engineers should pursue roles in bigger tech companies, where you can potentially earn a $300k+ package, vest RSUs, and have the resources to do security the right way. Recruiters may lure you with lots of startup stock options, but in my humble opinion, it’s better to run away from startups—especially when security is a core concern.