We are looking for a Security Engineer who will contribute to establishing and maturing our control environment. Here you will lead evidence collection/documentation in support of internal and external audits, monitoring activities, and remediation follow-up with customers and prospects.
Our award-winning technology powers conversations with customers for some of the world’s largest enterprises. We believe that combining the human touch with technology is the best way to create amazing customer experiences. When human abilities such as problem-solving, creative thinking, and relationship building are enhanced with technology... magical moments happen.
Does this sound like you? If so, you’re probably one of us.
- You’re a pro, but love a good laugh
- You’re independent, but love to collaborate
- You have a heart for coaching and mentoring
- You’re insatiably curious
- You thrive in fast-paced environments
- You don’t mind a good debate to find the best ideas
- You love to take the lead and focus on results
In this role, you’ll be a key member of the company’s Information Security and Compliance Team by supporting ongoing compliance activities and monitoring efforts across different regulations and standards (GDPR, SOC 2, ISO/IEC, HIPAA, etc.).
What you'll do
- Manage operational, regulatory, and certification security requirements (SOC requirements) to ensure the successful completion of compliance audits
- Work closely with the InfoSec teams to automate procedural and technical compliance controls
- Guide technical and operational decision-making towards future product offerings and efficient organizational processes
- Partner with engineers to interpret and map compliance requirements to product implementation
- Engage with (internal and external) subject matter experts in order to develop, edit, and revise documentation including standard operating procedures, system security plans, and policies and procedures
- Review existing IT compliance controls for regulatory updates against FSSC, FFIEC, GLBA, and NIST frameworks.
- At least two years of compliance or audit experience working with industry regulations and standards (SOC 2, PCI, GDPR, ISO/IEC 27001, HIPAA)
- Familiarity with compliance and risk management frameworks, such as SOC 2, SOX, ISO/IEC 27001, PCI, GDPR, Cloud Computing Security Requirements Guide (SRG)
- Experience with Terraform and AWS
- A deep understanding of cloud infrastructure and security concepts
- Demonstrated strong project management skills with experience managing and reporting on multiple in-flight projects at any given time
- Excellent communication skills in English.
- Proficiency with security concepts (encryption, authentication, etc.) and tooling for continuous monitoring
- The ability to clearly communicate compliance requirements to internal engineering teams and the associated implementation to external customers
- Knowledge and experience with FedRAMP and NIST
- Fluency in Spanish
- Experience automating with Ansible
- Exciting, dynamic and rapid growth environment
- Collaborative culture with autonomy and purpose
- Incredible mentors & investors that are an active part of the company
- Team events including nights out and team travel
- Free gym membership (you have to commit to going 3x per week!)
- Diversity: 18 languages and 11 countries represented
- Competitive base salary & benefits
- Participation in the employee option pool