Security Engineer
About The Position
We're looking for a Security Engineer to join our growing security function. As an early hire on the team, you'll have a front row seat in shaping not just how we protect our environment today, but how security is designed, governed, and scaled going forward. The immediate work is hands-on: securing our Microsoft 365 commercial and GCC-High environments, supporting our CMMC L2 compliance posture, and working with developers to ensure our processes are built with security in mind from the start. The future holds the chance to define how the security team grows alongside engineers, IT, and compliance. While your primary focus will be on the immediate needs of cloud- and IT-security, there will be opportunities to influence the secure design of the aircraft, if you want them. We believe security is an enabler, not a blocker. The right person for this role shares that mindset and knows how to move fast with guardrails rather than block with gates. We know there’s a lot of ground to cover and that successful candidates won’t necessarily have experience in everything we need to do. If you’re solid in one or more areas and hungry to grow in the rest, apply.
Requirements
- 7+ years of security engineering experience with meaningful depth in Microsoft cloud security.
- Hands-on experience implementing NIST 800-171 and CMMC L2 controls in a technical capacity, including system boundary management and evidence production.
- Demonstrated experience with DevSecOps practices, including securing CI/CD pipelines, managing secrets, and integrating security tooling into development workflows.
- Scripting or automation experience (PowerShell, Python, or Bash) applied to security operations, configuration management, or compliance workflows.
- Enough architectural awareness to contribute meaningfully to environment design conversations, not just execute on them.
- Strong documentation and communication skills suited to a cross-functional environment where security is one piece of a broader compliance and business program.
- The ability to see the big picture: understanding how individual security decisions connect to regulatory posture, business risk, and company growth.
Nice To Haves
- Exposure to operational or platform security beyond corporate IT (cloud infrastructure, SaaS security, endpoint detection).
- Experience designing and implementing guardrails on AI-powered tooling (e.g., Claude Code)
- Experience building or evolving a security program at a startup or high-growth company.
- Current clearance (Secret or above) is nice but not required.
- Certifications that aid with 8140 compliance (CISSP, CISM, CISA, etc)
Responsibilities
- Spearhead security efforts and improvements for our Microsoft 365 commercial and GCC-High environments, covering identity, device management, data protection, and access governance.
- In coordination with the GRC engineer, design, implement, and maintain security controls aligned to compliance frameworks like CMMC L2 and ISO 27001, with an eye toward repeatability, auditability, and scale.
- Partner with our MSP/MSSP on security operations and maintain internal ownership of security outcomes alongside the Head of Security.
- Provide incident response, when needed, to augment our MSSP.
- Embed security into our development lifecycle through DevSecOps practices, ensuring pipelines, repositories, and deployment processes meet security standards without becoming a bottleneck.
- Build and maintain automation to support configuration management, compliance evidence collection, alerting, and remediation workflows.
- Contribute to security architecture decisions, including environment design, tooling selection, segmentation strategy, and cloud security posture management.
- Develop and maintain security documentation, runbooks, and procedures that reduce single-point-of-failure risk and support future team growth.
- Communicate security risk clearly to both technical and non-technical stakeholders, translating complexity into decisions the business can act on.
Benefits
- Platinum Healthcare Benefits: Atropos offers comprehensive medical, dental, and vision plans with 100% employer-paid premiums and little to no cost to you
- Basic Life/AD&D and long-term disability insurance 100% covered by Atropos, plus the option to purchase additional life insurance for you and your dependents
- Unlimited PTO, with minimum of 15 days enforced
- 20 weeks of paid Caregiver & Wellness Leave to care for a family member, bond with your baby, or tend to your own medical condition
- Family Planning & Parenting Support: Fertility (eg, IVF, preservation), adoption, and gestational carrier coverage with additional benefits and resources to provide support from planning to parenting
- Mental Health Resources: We provide free mental health resources 24/7 including therapy, life coaching, and more. Additional work-life services, such as free legal and financial support, available to you as well
- Tuition and professional development reimbursement for STEM, MBA, and licenses
- In-Office Daily Lunch catered
- Company-funded child care stipend
- Company-funded commuter benefits available based on your region.
- Relocation assistance (depending on role eligibility).
- 401(k) retirement savings plan - both a traditional and Roth 401(k). 6% employer matching contribution
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Mid Level
Education Level
No Education Listed
