Senior Security and Compliance Engineer

Location: Fully Remote

About the Opportunity:

At Seekr, we are at the forefront of innovation, pioneering solutions that redefine the way AI impacts the world. We are passionate about protecting our cutting-edge products and services from emerging treats. As we expand our horizons, we are seeking a dynamic and visionary Senior Security and Compliance Engineer to elevate our security strategy, strengthen our security posture, and safeguard our digital landscape.

The Security and Compliance Engineer role blends technical engineering skills with some strategic oversight. In this role, you will be instrumental in leading Seekr’s cybersecurity and compliance initiatives to success, and ensuring our systems and data are fortified against evolving threats. The position reports to the VP of Infrastructure and Operations.

From your first day, you will make a valuable – and valued - contribution. We are a fast-growing company where no one is a bystander. We offer you the opportunity to delight millions of consumers around the world while gaining meaningful experience across a variety of disciplines. 

Duties and Responsibilities:

• Operations Oversight: Work closely with the VP of Infrastructure and Operations on the development and implementation of comprehensive cybersecurity strategies, policies, and tasks aligned with business goals. Oversee daily operations of cybersecurity functions, ensuring effective monitoring, incident response, and threat management. Identify, assess, and mitigate potential security threats. Stay ahead of emerging risks through proactive threat intelligence and vulnerability management
• Technical Implementation: Design, implement, and manage various security systems and tools, including but not limited to firewalls (shared responsibility), intrusion detection systems, and encryption technologies. Must be ready to roll up your sleeves.
• Policy and Compliance: Establish and enforce security policies and procedures. Ensure compliance with industry standards, regulations, and drive continuous improvement. Lead yearly security and compliance certification efforts, and work with auditors
• Incident Response: Oversee and manage security incidents and breaches. Develop and execute incident response plans to minimize impact and recover swiftly
• Collaboration and Communication: Work closely with cross-functional teams to integrate security best practices. Communicate complex security concepts clearly to non-technical stakeholders
• Vendor Management: Maintain solid partnership with key security vendors in the areas of MDR, pen-testing, and auditing
• Readiness: Must be able to respond when alerted or called to remediate critical issues such as major security events during business and after-hours as needed
• Maintenance Participation: We have maintenance protocols in place to mitigate disruptions. Expect after hours work on Production Systems or impactful activities

Skills and Qualifications: 

• Experience: Proven track record of 5+ years in cybersecurity, with at least 2 years in a lead role. Experience in risk management, security and compliance, incident response, security operations, and engineering, vulnerability detection and remediation, penetration testing, automation, and knowledge of SDLC
• Security Frameworks: Strong knowledge and experience with PCI, SOC 2, NIST 800-53, FedRAMP. DoD Impact Levels would be a bonus
• Technical: Expertise in various cloud providers, operating systems, platforms, security protocols, tools and technologies such as firewalls, IDS/IPS, SIEM, and endpoint protection.
  Preferred: Windows, Mac, Ubuntu Linux, Kubernetes, Palo Alto, CrowdStrike, DarkTrace, SDLC
• Incident Response: Knowledge of incident response processes and forensic analysis techniques
• System and Network Security: Understanding of system hardening, network security, and cryptography
• Certifications: Relevant certifications such as CISSP (Certified Information Systems Security Professional
• Communications: Strong verbal and communication skills to be able to succinctly convey security posture, incidents, and improvements to senior management and other stakeholders
• Mindset: A tactical yet strategic thinker with a proactive approach to problem-solving. Adaptable and resilient in a rapidly changing environment

Pluses: 

• Knowledge and understanding of containerized environments - Kubernetes
• Knowledge and understanding of Networking Technologies
• Cloud experience and exposure to Microsoft Entra, AWS and GCP
• GovCloud
• CISM (Certified Information Security Manager, CISA (Certified Information Systems Auditor) or equivalent are highly desirable

Working conditions:

• Remote/Work from home
• Role requires flexibility with regards to schedule, and work location depending on business needs
• Travel is uncommon though may be required
• Must be able to respond after-hours when called to troubleshoot, and resolve critical issues

The US base salary range for this role is between $150,000 and $180,000 annualized plus bonus, equity value (where applicable) and benefits. Your base pay will depend on your experience, location, skills and qualifications.