Remote Security Lead

at LocalStack

Posted 3 weeks ago | 0 applied

Description:

  • LocalStack is a fast-growing Series A startup focused on revolutionizing cloud development processes and enhancing dev and test feedback loops.
  • The company recently closed a $25 million funding round in Q4 2024, led by Notable Capital, CRV, and Heavybit.
  • LocalStack provides a high-fidelity emulator and local cloud development platform, allowing developers to build and test cloud applications entirely on their local machines within a lightweight cloud sandbox running in Docker.
  • The mission of LocalStack is to empower developers to rapidly build and test their cloud applications, improving the development experience while saving time and resources.
  • The company has a large open-source community with over 57k stars on GitHub, 100k active users worldwide, and 290M+ downloads to date.
  • LocalStack serves a diverse customer base, ranging from small and medium-sized businesses to Global Fortune 500 companies.
  • The team is globally distributed, with headquarters in Zurich, Switzerland, and a main engineering office in Vienna, Austria, along with remote team members from various countries.

Requirements:

  • Candidates must have 7+ years of experience in a security engineering or security compliance role.
  • Experience leading vendor risk assessments and building compliance frameworks from the ground up is required.
  • A strong background in API design and development, as well as in DevSecOps, incident response, and risk-driven security leadership, is essential.
  • Responsibilities include completing and submitting vendor risk assessments, identifying compliance gaps, engaging with stakeholders for data collection, and delivering scalable processes.
  • Candidates should define and implement regular security auditing procedures, maintain documentation of security controls, and generate internal audit reports quarterly.
  • Collaboration with engineering teams to ensure secure configurations and permission models is necessary.
  • Knowledge of threat modeling, vulnerability management, and tools related to intrusion detection and network security is expected.
  • Practical experience with cloud security, preferably AWS, is required.
  • Familiarity with common standards such as SOC 2, ISO 27001, and GDPR is preferred, even if not formally certified.
  • Strong documentation skills and the ability to communicate complex topics to non-experts are essential.
  • Understanding of US and EU security and compliance expectations is necessary.
  • A strong preference is given to candidates with prior engineering experience, even if they are not coding daily.
  • Candidates should be proactive, pragmatic, and capable of making risk-based decisions.

Benefits:

  • The position is fully remote, allowing for flexible work arrangements.
  • A competitive salary is offered, along with a performance bonus.
  • Competitive share options are available to employees.
  • An annual company retreat is organized for team bonding and collaboration.
  • Employees are provided with the best equipment necessary for their roles.
  • A learning budget is allocated to support professional development and growth.