Lead the organization's SOC2 compliance program and manage Cloud Security Posture Management across GCP and other cloud environments. Harden the IT and SaaS ecosystem, specifically focusing on Google Workspace security and identity management.
We’re hiring a hands-on Cyber Security Engineer to own and elevate the security posture of our organization end-to-end. You will lead our SOC2 compliance program, run Cloud Security Posture Management (CSPM) across our cloud footprint, and harden our day-to-day IT and SaaS environment — with Google Workspace as a critical control plane.
This is a high-ownership role: you’ll set the standards, build the tooling, run the audits, and partner with engineering, IT, and leadership to make security a continuous practice rather than a one-time project.
- 5–8 years of experience in cyber security, cloud security, or security engineering roles.
- Demonstrated experience leading at least one successful SOC2 Type 2 audit (GDPR/ISO 27001 a plus).
- Hands-on experience operating a CSPM platform at scale in GCP and/or AWS/Azure.
- Strong working knowledge of Google Workspace admin security controls, including context-aware access, DLP, and audit logging.
- Solid grasp of identity (SSO/SAML/OIDC, MFA, SCIM), IAM best practices, and zero-trust principles.
- Experience with vulnerability management, endpoint security (EDR/MDM), and SIEM/log analytics.
- Comfortable scripting (Python, Bash) and working with IaC (Terraform) to automate security workflows.
- Excellent written communication — can produce clear policies, audit narratives, and customer-facing security documentation.
Preferred Certifications (one or more)
- CISSP, CISM, or CISA
- ISO 27001 Lead Implementer / Lead Auditor
- Google Professional Cloud Security Engineer
- Google Workspace Administrator
- AWS Certified Security – Specialty or Azure Security Engineer Associate
- CCSP, OSCP, or GIAC certifications (GCIH, GCSA, GCED)
1. Compliance & Risk Management
- SOC2 Program Ownership: Drive end-to-end SOC2 Type 2 readiness, evidence collection, control mapping, and audit execution. Maintain continuous compliance between audit cycles.
- Framework Expansion: Build a flexible compliance framework that scales to GDPR, ISO 27001, HIPAA, and other regulatory regimes as the business grows.
- Risk Assessments: Run regular risk assessments, vendor security reviews, and third-party due diligence. Maintain the risk register and remediation roadmap.
- Policy & Documentation: Author and maintain security policies, standards, incident response plans, BCP/DR plans, and employee security awareness training.
2. Cloud Security & CSPM
- CSPM Operations: Own and operate CSPM tooling (e.g., Wiz, Prisma Cloud, Orca, or equivalent) across GCP and any other cloud environments. Triage findings, drive remediation SLAs, and tune policies.
- Vulnerability Management: Build and run organization-wide vulnerability management workflows across cloud infrastructure, data stores (GCP, MongoDB, Redis, etc.), containers, and endpoints.
- IAM & Secrets: Enforce least-privilege IAM, service account hygiene, key rotation, and secrets management across cloud and SaaS systems.
- Infrastructure Hardening: Partner with platform engineering to embed security guardrails into IaC, CI/CD pipelines, and Kubernetes workloads.
3. Google Workspace & SaaS Security
- Workspace Admin Security: Serve as the security owner for Google Workspace — configure and continuously harden admin console settings, OU policies, context-aware access, DLP rules, alert center, and audit logging.
- Identity & Access: Manage SSO, MFA enforcement, conditional access, and lifecycle (joiner/mover/leaver) workflows across Workspace and downstream SaaS apps.
- SaaS Posture: Inventory and govern third-party SaaS usage; manage OAuth app allow-listing, data sharing controls, and external sharing policies.
- Phishing & Email Security: Tune Gmail security (SPF, DKIM, DMARC, advanced phishing/malware protection) and run user-facing phishing simulations and training.
4. Security Operations & Incident Response
- Detection & Response: Build lightweight SOC capabilities — centralize logging, define detections, and own incident response runbooks and on-call rotations.
- Endpoint Security: Manage EDR/MDM tooling across laptops; enforce device compliance and disk encryption.
- Tabletop Exercises: Run periodic incident response drills with engineering and leadership.
5. Cross-Functional Leadership
- Partner with engineering, IT, legal, and people ops to weave security into hiring, onboarding, procurement, and product development.
- Be the go-to security advisor for the C-suite — translate technical risk into business-level discussions.
- Respond to customer security questionnaires and support sales/GTM with trust artifacts.
- Fully Remote: Work from anywhere—yes, your couch in pajamas is totally fine.
- Big Impact: We’re a small team, so your contributions will directly shape our future.
- Lots of Learning: We’re growing, and so will you—there’s plenty of room to expand your skills and take on new challenges.
- People & Culture: Expect to be surrounded by a bunch of super passionate and pretty awesome people, and a culture of trust and transparency.
- Great Benefits: We care about our people, so our benefits are designed to take care of all aspects of your life—professional growth, productivity, health, and wealth.