About The Role
We're a rapidly scaling SaaS company and our security program is still early - which means you won't just be operating a playbook, you'll be helping write it. You'll take ownership of key security initiatives end-to-end, working closely with engineering to secure our cloud-native platform and lift our overall security posture in a meaningful, measurable way. This is a high-impact role with plenty of autonomy, ideal for someone who enjoys building security from first principles in a modern, fast-moving environment.
What You'll Do
- Build and run core security capabilities - Stand up and operate the foundations of our security stack: vulnerability management, patching, log aggregation/SIEM, cloud security monitoring, and alert triage.
- Own our security tooling - Select, deploy, configure, and fine-tune tools across scanners, WAF, CSPM/CNAPP, SIEM, and endpoint protection - and ensure they deliver actionable signal, not noise.
- Embed security into engineering workflows - Partner with product and platform engineers to make secure by default the easiest path. Help design guardrails that support, not slow down, developer productivity.
- Drive pragmatic vulnerability management - Triage and risk-assess vulnerabilities, shape remediation priorities with teams, and track progress so we're focusing on what matters most.
- Level up detection & response - Create and maintain incident response runbooks, improve detection coverage over time, and help coordinate response when things go wrong.
- Continuously improve how we operate - Refine processes, automate wherever possible, and make sure our security practices scale as the company, product, and customer base grow.
Who You Are
- Solid senior experience - Typically 5+ years in security engineering or SecOps, with hands-on, builder-style experience. Startup or scale-up background is a strong plus.
- Cloud security ownership - Demonstrated experience deploying and operating security controls in AWS.
- Depth in key security domains
Comfortable taking the lead in at least one (ideally several) of:
- Vulnerability management programs
- Cloud-native logging/SIEM
- Secure SDLC and pipeline integration
- Incident detection and response
- Developer-aware mindset - You think about the impact of controls on developer workflows and design solutions that engineers actually want to use.
- Clear, confident communication - Able to translate complex risks, constraints, and trade-offs into language that resonates with engineers, leadership, and non-technical stakeholders.
Nice to Have
- OSCP or similar offensive/security certifications
- Experience preparing for SOC 2, ISO 27001, or PCI audits
If you've ever thought, I could build a much better security program than what I'm seeing right now, this is your opportunity to actually do it.
