Remote Staff Security Engineer

Description:

• CloudQuery is seeking a talented and experienced Staff Security Engineer to join their core team.
• The role involves shaping the security strategy and ensuring infrastructure and operations adhere to industry standards.
• This is a high-impact, hands-on position focused on maintaining SOC2 attestation and overseeing risk management efforts.
• Responsibilities include collaborating with engineering, product, and executive teams to design and implement security initiatives.
• The engineer will lead end-to-end efforts to achieve SOC2 attestation and other relevant certifications.
• Management of Mobile Device Management (MDM) and other security software to enforce company-wide security policies is required.
• The role includes overseeing the implementation of security tools and practices across all departments, including DevOps, engineering, and corporate systems.
• The engineer will develop and maintain security policies, standards, and procedures that meet compliance requirements and best practices.
• Conducting regular risk assessments, audits, and reviews to identify and mitigate potential security threats is essential.
• The position involves driving security awareness and training initiatives to ensure all team members understand security best practices.
• Staying up to date with emerging security trends and technologies to continuously improve CloudQuery's security posture is necessary.
• The engineer will lead incident response planning, simulation, and real-time handling of security incidents.
• Preparation and maintenance of thorough documentation for security measures, processes, and risk management activities are required.

Requirements:

• Candidates must have 6+ years of experience in IT security, with a strong track record in managing security risk.
• Experience leading SOC2 and similar certification processes, with hands-on experience in compliance, audits, and security frameworks, is required.
• A solid understanding of MDM solutions, endpoint security, and IT management is necessary.
• Strong familiarity with cloud platforms, security best practices, and DevOps processes is essential.
• Experience in security incident management, threat detection, and vulnerability assessments is required.
• Candidates must be excellent communicators with the ability to clearly document security processes and present them to both technical and non-technical stakeholders.
• The ideal candidate should be self-driven, resourceful, and able to thrive in a remote-first environment.
• A passion for security, automation, and ensuring development velocity without compromising on safety is essential.

Benefits:

• The position offers a remote-first company culture.
• Competitive pay with significant options pack upside is provided.
• The company fosters a remote-friendly environment and culture that nurtures company and team events to stay connected.
• This high-impact role comes with lots of responsibilities and opportunities for career advancement.