Security Engineer II

About The Position

Requirements

• 2–5 years of experience in security engineering, security operations, infrastructure security, cloud security, IT security, or a related cybersecurity role.
• Bachelor’s degree in Cybersecurity, Computer Science, Information Systems, or a related field preferred.
• Experience working across multiple security domains such as cloud security, identity and access management, vulnerability management, incident response, endpoint security, detection and monitoring, governance support, or infrastructure hardening.
• Working knowledge of modern technical environments, including cloud platforms, SaaS applications, APIs, endpoints, and identity systems.
• Experience assessing security risk, recommending mitigations, and partnering with others to implement improvements.
• Experience investigating security alerts or contributing to incident response activities.
• Experience using scripting or automation to improve security workflows, reporting, integrations, or repetitive tasks.
• Solid verbal and written communication skills.
• Well-developed interpersonal and collaboration skills.
• Proficient organizational skills and attention to detail.
• Robust analytical and problem-solving skills.
• Excellent time management skills with the ability to manage priorities and meet deadlines.
• Ability to work effectively in a fast-paced environment with changing priorities.
• Ability to take ownership of moderately scoped work with limited oversight.

Nice To Haves

• Experience working in a SaaS or product-focused technology company.
• Experience with AWS, Kubernetes, infrastructure as code, or modern cloud-native environments.
• Familiarity with security frameworks and benchmarks such as CIS, NIST, SOC 2, or ISO 27001.
• Experience with tools related to SIEM, EDR, vulnerability management, CSPM, IAM, or security orchestration.
• Familiarity with security considerations related to AI systems, LLM-powered tools, or Agentic AI deployments.
• Experience supporting audits, compliance efforts, or technical control reviews.

Responsibilities

• Design, implement, and maintain security controls that protect BambooHR systems, infrastructure, users, and data.
• Support security across a cloud-first, API-driven, and modern technology environment, including cloud platforms, SaaS systems, identity systems, endpoints, and containerized services.
• Conduct security assessments and risk reviews for systems, processes, and emerging technologies, including AI-enabled and Agentic AI use cases.
• Assist with security incident response efforts, including investigation, containment, remediation, and follow-up improvements.
• Monitor and improve security telemetry, alerting, and detection capabilities to strengthen BambooHR’s ability to identify and respond to threats.
• Automate repetitive security tasks and improve workflows through scripting, integrations, dashboards, or tooling enhancements.
• Own defined security control or policy areas end-to-end, helping update standards to align with regulatory requirements, company priorities, and industry best practices.
• Partner with engineering, IT, compliance, and other stakeholders to ensure security measures support business objectives while maintaining strong risk management.
• Serve as a security advocate and trusted resource to partner teams by providing practical guidance, education, and support.
• Contribute technical input to governance, risk, and compliance initiatives, including audits, control reviews, and risk register activities.
• Help define and execute security initiatives by tracking work, managing dependencies, and contributing to successful project delivery.
• Stay current on evolving threats, security practices, and new technologies, and recommend improvements that strengthen BambooHR’s security posture.
• Deliver measurable improvements in one or more areas such as cloud security, detection and alerting, incident readiness, identity and access management, endpoint posture, or AI risk management.
• Contribute to incident response and help drive corrective actions for identified gaps.
• Improve efficiency or visibility through automation, reporting, or tooling enhancements.
• Build trust with partner teams through consistent communication, sound judgment, and practical security guidance.
• Support a culture of continuous improvement by documenting processes, sharing knowledge, and coaching others when appropriate.

Benefits

• A Great Company Culture that has been recognized by multiple organizations like Inc, and Salt Lake Tribune
• Comprehensive health, life, and disability insurance
• Generous leave policies that include 4 weeks of vacation, 12 company holidays, parental leave, and volunteer time off so you can enjoy quality of life
• 401k plans with up to 6% company match
• $2000 Paid-Paid Vacation bonus
• EAP through Headspace
• Check out all our benefits that benefit you