We’re hiring a hands-on Cyber Security Engineer to own and elevate the security posture of our organization end-to-end. You will lead our SOC2 compliance program, run Cloud Security Posture Management (CSPM) across our cloud footprint, and harden our day-to-day IT and SaaS environment — with Google Workspace as a critical control plane.
This is a high-ownership role: you’ll set the standards, build the tooling, run the audits, and partner with engineering, IT, and leadership to make security a continuous practice rather than a one-time project.
5–8 years of experience in cyber security, cloud security, or security engineering roles.
Demonstrated experience leading at least one successful SOC2 Type 2 audit (GDPR/ISO 27001 a plus).
Hands-on experience operating a CSPM platform at scale in GCP and/or AWS/Azure.
Strong working knowledge of Google Workspace admin security controls, including context-aware access, DLP, and audit logging.
Solid grasp of identity (SSO/SAML/OIDC, MFA, SCIM), IAM best practices, and zero-trust principles.
Experience with vulnerability management, endpoint security (EDR/MDM), and SIEM/log analytics.
Comfortable scripting (Python, Bash) and working with IaC (Terraform) to automate security workflows.
Excellent written communication — can produce clear policies, audit narratives, and customer-facing security documentation.
Preferred Certifications (one or more)CISSP, CISM, or CISA
ISO 27001 Lead Implementer / Lead Auditor
Google Professional Cloud Security Engineer
Google Workspace Administrator
AWS Certified Security – Specialty or Azure Security Engineer Associate
CCSP, OSCP, or GIAC certifications (GCIH, GCSA, GCED)
1. Compliance & Risk ManagementSOC2 Program Ownership: Drive end-to-end SOC2 Type 2 readiness, evidence collection, control mapping, and audit execution. Maintain continuous compliance between audit cycles.
Framework Expansion: Build a flexible compliance framework that scales to GDPR, ISO 27001, HIPAA, and other regulatory regimes as the business grows.
Risk Assessments: Run regular risk assessments, vendor security reviews, and third-party due diligence. Maintain the risk register and remediation roadmap.
Policy & Documentation: Author and maintain security policies, standards, incident response plans, BCP/DR plans, and employee security awareness training.
2. Cloud Security & CSPMCSPM Operations: Own and operate CSPM tooling (e.g., Wiz, Prisma Cloud, Orca, or equivalent) across GCP and any other cloud environments. Triage findings, drive remediation SLAs, and tune policies.
Vulnerability Management: Build and run organization-wide VM workflows across cloud infrastructure, data stores (GCP, MongoDB, Redis, etc.), containers, and endpoints.
IAM & Secrets: Enforce least-privilege IAM, service account hygiene, key rotation, and secrets management across cloud and SaaS systems.
Infrastructure Hardening: Partner with platform engineering to embed security guardrails into IaC, CI/CD pipelines, and Kubernetes workloads.
3. Google Workspace & SaaS SecurityWorkspace Admin Security: Serve as the security owner for Google Workspace — configure and continuously harden admin console settings, OU policies, context-aware access, DLP rules, alert center, and audit logging.
Identity & Access: Manage SSO, MFA enforcement, conditional access, and lifecycle (joiner/mover/leaver) workflows across Workspace and downstream SaaS apps.
SaaS Posture: Inventory and govern third-party SaaS usage; manage OAuth app allow-listing, data sharing controls, and external sharing policies.
Phishing & Email Security: Tune Gmail security (SPF, DKIM, DMARC, advanced phishing/malware protection) and run user-facing phishing simulations and training.
4. Security Operations & Incident ResponseDetection & Response: Build lightweight SOC capabilities — centralize logging, define detections, and own incident response runbooks and on-call rotations.
Endpoint Security: Manage EDR/MDM tooling across laptops; enforce device compliance and disk encryption.
Tabletop Exercises: Run periodic incident response drills with engineering and leadership.
5. Cross-Functional LeadershipPartner with engineering, IT, legal, and people ops to weave security into hiring, onboarding, procurement, and product development.
Be the go-to security advisor for the C-suite — translate technical risk into business-level discussions.
Respond to customer security questionnaires and support sales/GTM with trust artifacts.
Fully Remote: Work from anywhere—yes, your couch in pajamas is totally fine.
Big Impact: We’re a small team, so your contributions will directly shape our future.
Lots of Learning: We’re growing, and so will you—there’s plenty of room to expand your skills and take on new challenges.
People & Culture: Expect to be surrounded by a bunch of super passionate and pretty awesome people, and a culture of trust and transparency.
Great Benefits: We care about our people, so our benefits are designed in a way to take care of all aspects of your life—professional growth, productivity, health and wealth.