Cyber Security Engineer (Compliance, Cloud Security & IT Security)

Remote · USA Full-time New today

We’re hiring a hands-on Cyber Security Engineer to own and elevate the security posture of our organization end-to-end. You will lead our SOC2 compliance program, run Cloud Security Posture Management (CSPM) across our cloud footprint, and harden our day-to-day IT and SaaS environment — with Google Workspace as a critical control plane. This is a high-ownership role: you’ll set the standards, build the tooling, run the audits, and partner with engineering, IT, and leadership to make security a continuous practice rather than a one-time project.

- 5–8 years of experience in cyber security, cloud security, or security engineering roles.
- Demonstrated experience leading at least one successful SOC2 Type 2 audit (GDPR/ISO 27001 a plus).
- Hands-on experience operating a CSPM platform at scale in GCP and/or AWS/Azure.
- Strong working knowledge of Google Workspace admin security controls, including context-aware access, DLP, and audit logging.
- Solid grasp of identity (SSO/SAML/OIDC, MFA, SCIM), IAM best practices, and zero-trust principles.
- Experience with vulnerability management, endpoint security (EDR/MDM), and SIEM/log analytics.
- Comfortable scripting (Python, Bash) and working with IaC (Terraform) to automate security workflows.
- Excellent written communication — can produce clear policies, audit narratives, and customer-facing security documentation.

Preferred Certifications (one or more)

- CISSP, CISM, or CISA
- ISO 27001 Lead Implementer / Lead Auditor
- Google Professional Cloud Security Engineer
- Google Workspace Administrator
- AWS Certified Security – Specialty or Azure Security Engineer Associate
- CCSP, OSCP, or GIAC certifications (GCIH, GCSA, GCED)

1. Compliance & Risk Management

- SOC2 Program Ownership: Drive end-to-end SOC2 Type 2 readiness, evidence collection, control mapping, and audit execution. Maintain continuous compliance between audit cycles.
- Framework Expansion: Build a flexible compliance framework that scales to GDPR, ISO 27001, HIPAA, and other regulatory regimes as the business grows.
- Risk Assessments: Run regular risk assessments, vendor security reviews, and third-party due diligence. Maintain the risk register and remediation roadmap.
- Policy & Documentation: Author and maintain security policies, standards, incident response plans, BCP/DR plans, and employee security awareness training.

2. Cloud Security & CSPM

- CSPM Operations: Own and operate CSPM tooling (e.g., Wiz, Prisma Cloud, Orca, or equivalent) across GCP and any other cloud environments. Triage findings, drive remediation SLAs, and tune policies.
- Vulnerability Management: Build and run organization-wide VM workflows across cloud infrastructure, data stores (GCP, MongoDB, Redis, etc.), containers, and endpoints.
- IAM & Secrets: Enforce least-privilege IAM, service account hygiene, key rotation, and secrets management across cloud and SaaS systems.
- Infrastructure Hardening: Partner with platform engineering to embed security guardrails into IaC, CI/CD pipelines, and Kubernetes workloads.

3. Google Workspace & SaaS Security

- Workspace Admin Security: Serve as the security owner for Google Workspace — configure and continuously harden admin console settings, OU policies, context-aware access, DLP rules, alert center, and audit logging.
- Identity & Access: Manage SSO, MFA enforcement, conditional access, and lifecycle (joiner/mover/leaver) workflows across Workspace and downstream SaaS apps.
- SaaS Posture: Inventory and govern third-party SaaS usage; manage OAuth app allow-listing, data sharing controls, and external sharing policies.
- Phishing & Email Security: Tune Gmail security (SPF, DKIM, DMARC, advanced phishing/malware protection) and run user-facing phishing simulations and training.

4. Security Operations & Incident Response

- Detection & Response: Build lightweight SOC capabilities — centralize logging, define detections, and own incident response runbooks and on-call rotations.
- Endpoint Security: Manage EDR/MDM tooling across laptops; enforce device compliance and disk encryption.
- Tabletop Exercises: Run periodic incident response drills with engineering and leadership.

5. Cross-Functional Leadership

- Partner with engineering, IT, legal, and people ops to weave security into hiring, onboarding, procurement, and product development.
- Be the go-to security advisor for the C-suite — translate technical risk into business-level discussions.
- Respond to customer security questionnaires and support sales/GTM with trust artifacts.

- Fully Remote: Work from anywhere—yes, your couch in pajamas is totally fine.
- Big Impact: We’re a small team, so your contributions will directly shape our future.
- Lots of Learning: We’re growing, and so will you—there’s plenty of room to expand your skills and take on new challenges.
- People & Culture: Expect to be surrounded by a bunch of super passionate and pretty awesome people, and a culture of trust and transparency.
- Great Benefits: We care about our people, so our benefits are designed in a way to take care of all aspects of your life—professional growth, productivity, health and wealth.