Senior Cybersecurity Engineer

About Us:
Comfrt is one of the fastest-growing DTC apparel brands in the world, with a social presence that even industry giants envy. Founded just three years ago, we’ve quickly built a reputation for stylish, elevated, and functional clothing designed to deliver unmatched comfort. From subtly weighted hoodies and sweatpants to cozy blankets and even pet hoodies, every Comfrt piece is created to inspire relaxation, support well-being, and promote a positive mindset.
About the Job: 
We are seeking a highly skilled and experienced Senior Cybersecurity Engineer to join our growing Technology team. The ideal candidate will be responsible for designing, implementing, and maintaining robust security systems and protocols to protect our organization's networks, systems, and data. This role requires deep technical expertise, a proactive approach to threat detection and mitigation, and the ability to mentor junior team members.

• Design, implement, and manage enterprise-wide security architecture, ensuring alignment with business objectives and regulatory requirements (e.g., NIST, ISO 27001, PCI-DSS).
• Evaluate, recommend, and deploy new security technologies and tools, including SIEM, EDR, SASE, intrusion detection/prevention systems (IDS/IPS), and vulnerability scanners.
• Implement and manage security solutions tailored for a remote work environment, including secure remote access, endpoint security, and data loss prevention (DLP) across distributed endpoints.
• Work collaboratively with the internal Technology team to review internal architecture and provide recommendations for enhancements, improvements, or threat remediation.

• Lead efforts in vulnerability assessment, penetration testing, and risk analysis.
• Develop and execute remediation plans for identified vulnerabilities.
• Monitor access and conduct regular security audits and reviews.
• Spearhead communications and coordination with external resources for security evaluations, reviews, and program development.

• Act as a lead responder for security incidents, including investigation, containment, eradication, and recovery.
• Develop, maintain, and test the Incident Response plan.
• Manage and operate security tools and platforms, ensuring optimal performance and tuning to minimize false positives.

• Develop, document, and enforce security policies, standards, and procedures across the organization.
• Ensure continuous compliance with all relevant security regulations and internal policies.
• Collaborate with internal stakeholders and external audit teams on security-related initiatives.

• Provide technical guidance, mentorship, and training to junior cybersecurity analysts and engineers.
• Lead cross-functional projects related to security improvements, policy, and infrastructure.
• Communicate complex security concepts and risks effectively to both technical and non-technical stakeholders.

• Bachelor's degree in Computer Science, Information Security, or a related field (Master's degree preferred).
• Minimum of 5-7 years of professional experience in cybersecurity engineering or a similar role.
• Experience with network security and networking technologies (TCP/IP, SASE, ZTNA) and with system, security, and network monitoring tools.
• Proven experience with cloud security platforms (e.g., AWS, Azure, GCP) and best practices.
• Strong practical experience with scripting languages (e.g., Python, Bash) for automation of security tasks.

• Experience architecting and implementing security programs based on ISO 27001/NIST 800-171 frameworks.
• Experience analyzing and defining threat/vulnerability risk, impact, and likelihood of exploitation.
• Hands on experience with deployment and configuration of modern security stacks including SIEM, EDR/XDR, and IDS/IPS solutions.
• Comfortable with employing IaC tools to implement required security infrastructure in a cloud based environment.
• Previous experience in leading threat hunting initiatives, incident response, and security related items.

• Certified Information Systems Security Professional (CISSP)
• Comptia Security+
• Certified Cloud Security Professional (CCSP)
• GIAC certifications (e.g., GSEC, GCIA, GCIH)

Why Join Comfrt?

• Be part of a purpose-driven company that’s shaping the future of comfort and mental wellness.
• Work in a supportive, creative environment where your ideas and growth are valued.
• Enjoy Comfrt benefits such as generous paid time off, company-covered health insurance, 5% 401k match, and discounts on all Comfrt products! 
• Join a passionate team making an impact on exciting projects, all while enjoying the flexibility and collaborative support of a fully remote environment.

Comfrt is an equal opportunity employer. We are committed to building a team that represents a variety of backgrounds, perspectives, and skills.