Security Engineer- job post

April 9, 2026

Apply for this job

Email *

Job Description

United States•Remote

Full-time

Job details

Job type

  • Full-time

Full job description

We’re looking for a mid-level security engineer to join our small security team and work directly alongside our Head of Platform Security. This is a hands-on, execution-focused role. You’ll contribute across the full security programme — compliance evidence, vulnerability management, and detection operations — doing real work in the tools every day.

This is not a strategy role. You’ll be supporting and executing within a programme that’s already defined. What we need is someone technically capable, detail-oriented, and comfortable operating across multiple domains without losing the thread on any of them.

What you’ll be doing

Compliance

  • Collect and maintain compliance evidence in our GRC tooling, keeping controls current and audit-ready
  • Identify and flag control gaps before they surface as audit findings
  • Support evidence requests across active compliance programmes and assist with auditor liaison as needed
  • Maintain accurate, current entries in the risk register
  • Management and upkeep of our GRC platform
  • Create and maintain our Security policies

Platform Security

  • Assist with building out platform security processes
  • Triage vulnerability findings from our internal tooling,
  • Create and track remediation tickets in Linear
  • Follow up with engineering to drive findings to closure
  • Complete Security questionnaires from potential customers

Operational Security

  • Monitor and triage alerts from our SIEM; escalate genuine incidents with context and a recommended action, not just raw alerts
  • Tune detection rules to reduce noise and improve signal quality
  • Support incident response activities as they arise
  • Implement Security controls

General programme support

  • Support access reviews and identity governance hygiene
  • Contribute to security documentation — policies, runbooks, and playbook updates
  • Pick up ad hoc security programme tasks as directed by the Head of Platform Security

Requirements


Required

  • 3–5 years in a security engineering, SecOps, or compliance engineering role
  • Direct, hands-on experience with a compliance audit cycle — evidence collection, control testing, not just awareness
  • Experience with SIEM tooling and alert triage — Wazuh, Splunk, Datadog Security, or equivalent
  • Exposure working in AWS environments
  • Strong written communication — able to produce a clear, concise risk summary without extensive direction
  • Able to work independently across multiple workstreams without losing detail


Valued

  • Experience across multiple compliance frameworks (SOC 2, ISO 27001, HIPAA, etc)
  • Relevant certifications (CISSP, CISM, Security+, OSCP)

Who you are

  • You treat compliance as an operational discipline, not a documentation exercise
  • You can hold context across compliance, detection, and vuln management in the same week — and deliver on all of them
  • You escalate with context: not just ‘here’s an alert’ but ‘here’s what it means and what I recommend we do’
  • You ask good questions and raise concerns early, rather than quietly working around them
  • You’re comfortable in a lean team where scope is broad and not everything is handed to you on a plate