Senior Security Engineer

About The Position

Requirements

• 5+ years of experience in security engineering, security operations, or a related field
• Direct experience with security and compliance frameworks such as SOC 2 and/or ISO 27001, including audit processes
• Deep experience with vulnerability management, including tooling, prioritization, and remediation workflows
• Fluency working across cloud environments (AWS, GCP, or Azure) and modern SaaS ecosystems
• Experience with identity and access management, endpoint security, and IT/security operations
• Demonstrated ability to translate security risks into clear, actionable guidance for technical and non-technical stakeholders
• Demonstrable experience (or at a minimum a serious interest in) leveraging AI tooling to accelerate business impact.
• Strong written communication skills and are comfortable owning documentation and audit artifacts
• Demonstrable proactive, pragmatic mindset as well as capacity for balancing security best practices with business needs
• Experience working cross-functionally influencing without authority in a remote-first environment

Nice To Haves

• Experience designing or improving SIEM, logging, and alerting pipelines
• Familiarity with compliance automation platforms (Drata, Vanta, Tugboat, etc.)
• Experience leading or owning SOC 2 / ISO 27001 audits
• Background in application or cloud security engineering
• Experience mentoring or guiding more junior team members

Responsibilities

• Own and evolve Overstory’s compliance program, ensuring ongoing alignment with SOC 2, ISO 27001, and other relevant frameworks
• Drive vulnerability management end-to-end, from detection to remediation, working closely with engineering teams to prioritize and resolve risks efficiently
• Design and improve security processes and controls across infrastructure, applications, and internal systems
• Lead security input in architecture and engineering decisions, helping teams build secure-by-design systems
• Oversee and improve identity and access management, endpoint security, and core IT security practices
• Own vendor security and third-party risk management, including assessments, risk evaluation, and mitigation strategies
• Lead audit readiness and execution for SOC 2 and ISO 27001, including control design, evidence collection, and auditor coordination
• Partner with customer-facing teams to handle security questionnaires and build scalable, high-quality response processes
• Contribute to security awareness and culture, mentoring others and raising the security bar across the organization

Benefits

• Competitive, location-specific compensation and benefits
• Flexible, autonomous and collaborative working environment rooted in trust - we build our work days around our lives, not the other way around
• Home office stipend
• coworking
• ongoing education budgets
• A company culture that genuinely embodies each of our core values
• To be part of truly mission-driven work that reduces wildfires, protects earth’s natural resources and helps solve our climate crisis