Security & Compliance Engineer

PromptQL | San Francisco, CA
2d | $185,000 - $205,000 | Hybrid

About The Position

PromptQL is seeking a dedicated and knowledgeable Security and Compliance Engineer to join our team. In this role, you will be responsible for ensuring that our organization is in compliance with all relevant regulations and standards and that our systems are secure from potential threats. The successful candidate will have a strong understanding of security architectures, compliance standards, and risk management, and be able to work effectively with various teams across the organization to ensure optimal security and compliance.

Requirements

  • Minimum of 2 years of experience in software development
  • Minimum of 2 years of experience in information security, compliance, or related field
  • Proven experience in developing and implementing security policies and procedures
  • Experience with security frameworks and standards (e.g., NIST, ISO 27001)
  • Certifications in security and compliance such as CISSP, CISM, or CISA are preferred
  • Strong knowledge of information security concepts, risk assessment methodologies, and compliance standards
  • Familiarity with various security technologies such as firewalls, intrusion detection systems, and encryption technologies
  • Familiarity with major cloud providers (AWS, GCP, Azure)
  • Excellent verbal and written communication skills
  • Strong problem-solving and analytical skills
  • Previous experience handling ISO/SOC2 audits for the organization
  • Strong interest in working in a high-growth, fast-paced and dynamic startup environment

Nice To Haves

  • Experience with Go and/or React/TypeScript
  • Experience working with relational databases, in particular Postgres
  • In-depth knowledge and experience with GraphQL
  • Experience with observability tools like Prometheus, Grafana, etc.
  • Experience with compliance management tools
  • Experience with tools for vulnerability scanning and dependency tracking

Responsibilities

  • Conduct comprehensive risk assessments and audits
  • Identify vulnerabilities and ensure that appropriate security controls are in place
  • Develop, implement, and maintain company security policies, procedures, and standards
  • Provide security training and awareness programs to staff to ensure compliance with security policies
  • Develop and implement policies for cloud infrastructure security
  • Ensure compliance with relevant industry standards, regulations, and laws such as GDPR, HIPAA, and ISO 27001
  • Stay up-to-date with the latest regulatory changes and advise the company on compliance-related matters
  • Participate in incident response planning and activities
  • Investigate and analyze security breaches and other cyber security incidents
  • Evaluate the security and compliance of third-party vendors
  • Work with vendors to resolve any security and compliance issues
  • Set up systems to make sure that software dependencies are tracked and scanned for vulnerabilities and license compliance
  • Conduct internal pentests and audits
  • Advise teams on fixes and remediations

Benefits

  • Medical, dental, and vision insurance to keep you healthy and thriving
  • Employee assistance programs for support when you need it
  • Retirement fund contribution matching to help you invest in your future
  • Donation matching to amplify your charitable impact
  • Paid time off to support your well-being
  • Monthly company-wide self-care day to recharge
  • Stock options so you can share in our success
  • Paid parental leave to support growing families
  • Commuter benefits to help you save on your journey to the office
  • Employee referral program to reward you for connecting us with great talent