Senior Security Engineer

📋 Description

• Take ownership of and enhance Overstory’s compliance program, ensuring continuous alignment with SOC 2, ISO 27001, and other pertinent frameworks.

• Manage vulnerability processes from detection to remediation, collaborating closely with engineering teams to efficiently prioritize and address risks.

• Develop and refine security protocols and controls across infrastructure, applications, and internal systems.

• Provide security insights in architecture and engineering decisions, assisting teams in creating systems that are secure by design.

• Supervise and enhance identity and access management, endpoint security, and fundamental IT security practices.

• Lead vendor security and third-party risk management, which includes assessments, risk evaluation, and mitigation strategies.

• Direct audit preparation and execution for SOC 2 and ISO 27001, encompassing control design, evidence gathering, and auditor coordination.

• Collaborate with customer-facing teams to manage security questionnaires and establish scalable, high-quality response processes.

• Contribute to fostering security awareness and culture, mentoring peers and elevating the security standards throughout the organization.

⛳️ Requirements

• Over 5 years of experience in security engineering, security operations, or a related discipline.

• Hands-on experience with security and compliance frameworks such as SOC 2 and/or ISO 27001, including familiarity with audit processes.

• Extensive experience in vulnerability management, including tools, prioritization, and remediation processes.

• Proficient in working across cloud environments (AWS, GCP, or Azure) and modern SaaS platforms.

• Knowledgeable in identity and access management, endpoint security, and IT/security operations.

• Proven ability to convey security risks into clear, actionable recommendations for both technical and non-technical stakeholders.

• Evidence of experience (or at least a strong interest) in utilizing AI tools to enhance business impact.

• Excellent written communication skills, with comfort in managing documentation and audit artifacts.

• A proactive and practical mindset, capable of balancing security best practices with business requirements.

• Experience in cross-functional collaboration, influencing without authority in a remote-first setting.

🏝️ Benefits

• Competitive, location-specific compensation and benefits.

• A flexible, autonomous, and collaborative working environment based on trust—our workdays are designed around our lives, not the other way around.

• Home office stipend, coworking, and ongoing education budgets.

• A company culture that genuinely reflects our core values.

• The opportunity to engage in mission-driven work that mitigates wildfires, preserves the planet's natural resources, and addresses our climate crisis.