About the role
We're a fast-growing startup with a small but talented engineering team, and we're hiring our first Security & Compliance Lead to build the foundation for our security program. This is a high-ownership, high-autonomy role with a broad mandate: you'll own the security and compliance surface end-to-end, from access management and SOC 2 to infrastructure security and customer trust.
You'll report to CTO with full ownership of the security and compliance domain.
In year one, the work skews toward access management, SOC 2, and customer-facing security. Over time, the role grows into broader security engineering: monitoring, incident response, vendor risk, and architecture review.
If you've built a security program from scratch before and liked it, you'll recognize this job. If you want to build something from the ground up rather than slot into an existing program, read on.
What you'll own
Access & identity management. Production access, service accounts, SSO, and the lifecycle of both - provisioning, periodic review, deprovisioning.
SOC 2. You'll own the program end-to-end, mapping controls to our environment, driving evidence collection, and getting us through Type 1 and then Type 2 and other security frameworks.
Customer trust. You'll own security questionnaires, RFP security sections, and the customer-facing trust narrative (trust center, security overview docs, DPAs).
Infrastructure security. VM lifecycle and patching, baseline hardening, secrets management, vulnerability management, and cloud security posture.
Security engineering (over time). Logging and monitoring, incident response runbooks, vendor security reviews, and partnering with engineering on secure design.
What we're looking for
Nice to have
Pro unlocks apply links & auto-apply
Spam, scam, fake employer, broken apply link — let us know and we’ll review within 24h.
Report this listing