As a Senior Information Security Engineer, you will enhance security posture, manage vulnerability programs, ensure compliance with standards, and coordinate audits.
Who Are We:
We are COMPLY.
For compliance people.
COMPLY is the leading global provider of comprehensive regulatory compliance software and solutions for the financial services sector. Our OneCOMPLY™ platform provides an all-in-one approach to address firm and employee compliance requirements through a configurable and scalable software-as-a-service (SaaS) platform coupled with expert consulting services.
COMPLY serves thousands of financial services clients including Broker Dealers, Investment Banks, Private Funds, RIAs, and Wealth Managers who rely on COMPLY to power their compliance programs.
To learn more about COMPLY, visit COMPLY.com
COMPLY is seeking a Senior Information Security Engineer with 7–10 years of combined IT and cybersecurity experience to help protect our organization’s systems and data. The ideal candidate has hands-on experience with securing modern IT, networking, and cloud infrastructure, and implementing controls aligned with frameworks such as SOC 2, ISO 27001, regulatory, and privacy requirements (e.g., GDPR, CCPA, EU DORA.) They are skilled in vulnerability management, SIEM administration, incident response, continuous security monitoring, and supporting audit compliance activities. This role will be pivotal in strengthening our security posture and ensuring compliance with industry standards. The individual must be solutions oriented and a self-starter that can work autonomously in a fully remote environment.
Responsibilities:
- Design, implement, and maintain security controls and policies to ensure compliance with SOC 2 and ISO 27001 standards.
- Developing and updating security procedures, access controls, and monitoring mechanisms in line with these frameworks’ requirements for delegation.
- Lead the organization’s vulnerability management program, including regular vulnerability scanning, assessment, and remediation efforts with Rapid7 InsightVM. Track and report on vulnerability status and trends monthly and drive continuous improvement in reducing risk exposure.
- Manage, configure, tune, optimize, and develop reports using the company’s Security Information and Event Management (SIEM) system Rapid7 InsightIDR.
- Investigate suspected security events and ensure that threats are detected, analyzed, and escalated in a timely manner. Coordinate with Infrastructure Operations and our 24/7/365 SOC vendor to resolve security incidents.
- Deploy and maintain detection tools like SentinelOne, Defender for Cloud/Endpoint, AWS GuardDuty, AlertLogic WAF, and cloud security monitoring that provide real-time visibility into security events.
- Establish processes to review logs and alerts, watch for anomalous behavior or indicators of compromise, and take proactive action when issues arise.
- Manage and administer the organization’s email spam filter, Mimecast, to include developing email filters and executing quarterly phishing exercises.
- Coordinate with external auditors to support security audits, assessments, and certifications such as SOC 1, SOC 2, and ISO 27001.
- Gather evidence of control effectiveness, maintain documentation (policies, procedures, risk assessments, etc.), and remediate any findings or non-conformities identified during audits. Pursue methods to automate artifact collection for annual audits.
- Lead routine internal audits to ensure ongoing compliance with security policies and standards, and drive improvements based on observations.
- Develop and refine security policies, standards, exercises, and guidelines in collaboration with the CTO senior leadership team.
- Ensure that policies address compliance requirements (e.g., access management, data protection, incident response) and are updated regularly.
- Contribute to security awareness training efforts and phishing exercises and educate employees on cybersecurity best practices.
- As a senior member of the security team, be prepared to lead out incident response activities, determine root cause, and impact to COMPLY.
- Tune security tools for better incident detection and participating in post-incident reviews to implement lessons learned.
- Collaborate with Infrastructure, Product, and Engineering teams to ensure security is embedded in development, IT infrastructure, and new projects.
- Advise and assist in implementing system configurations, conducting security design reviews, and recommending enhancements to meet security best practices in cloud-based environments (AWS, Azure.)
- Support due diligence requests from customers to include responding to questionnaires, engaging with customers via phone or email on an as-needed basis, supporting assessments, and building/maintaining COMPLY’s Trust Center.
Qualifications:
- 7–10 years of combined experience in IT and cybersecurity.
- Bachelor’s degree from an accredited institution in Computer Science, Information Security, Information Technology, or a related field.
- At least one industry certification with CISSP, CCSP, CASP+, CISM, or GIAC certifications being highly preferred.
- Experience supporting security for a B2B SaaS enterprise offering services to a regulated industry (e.g., Finance, Healthcare, Government) is preferred
- Proactive and self-driven individual with the ability to work independently in a remote setting. Excellent collaboration and communication skills with cross-functional and international teams.
- Knowledge of SOC 2, ISO 27001, or similar standards and experience aligning security programs with these or similar frameworks.
- Hands-on experience managing vulnerability management, EDR, and SIEM systems with preference on Rapid7, SentinelOne, and Microsoft Defender.
- Demonstrated proficiency with security in cloud and enterprise environments (AWS, Microsoft 365, Azure).
- Experience developing continuous monitoring processes, detection systems, and incident response best practices.
COMPLY is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, disability, sex, sexual orientation, gender identity, or national origin. Nothing in this job posting should be construed as an offer or guarantee of employment.
The company offers a wide range of perks including:
- Comprehensive medical, dental and vision insurance at little to no cost starting on day one
- 401k with a company match
- Supplemental benefits at a discounted rate including home, auto and pet insurance
- Unlimited PTO
- Professional Development reimbursements
- Remote opportunities available for most positions
- Time to get together in person for company happy hours, team offsites and more
Applicants must be authorized to work for any employer in the United States. Currently, we are unable to sponsor or take over sponsorship of an employment Visa at this time.
COMPLY is aware of scammers posing as COMPLY employees and extending job offers via direct messaging, texts and social media platforms. These are fraudulent and should be treated as such. To learn more about this, please review our Statement of Fraudulent Job Offers.
Top Skills
Alertlogic Waf
AWS
Aws Guardduty
Azure
Ccpa
Defender For Cloud
Gdpr
Iso 27001
Microsoft 365
Mimecast
Rapid7 Insightidr
Rapid7 Insightvm
Sentinelone
Soc 2
Similar Jobs
Artificial Intelligence • Cloud • HR Tech • Information Technology • Productivity • Software • Automation
As a Senior Staff Information Security Engineer, you will secure the infrastructure, implement security controls, and lead strategic initiatives to reduce risks and enhance resilience.
Top Skills:
AnsibleAutomation ToolsBashCitrixCryptographyGoHyper-VJSONLinuxPkiPuppetPythonRest ApisSIEMSplunkSQLTlsVMwareVpnsWindowsXML
Artificial Intelligence • Cloud • HR Tech • Information Technology • Productivity • Software • Automation
The Senior Staff Information Security Engineer will design and implement security measures for infrastructure, lead initiatives to enhance resilience, and mentor engineers.
Top Skills:
AnsibleBashCitrixGoHyper-VLinuxPuppetPythonSplunkVMwareWindows
Artificial Intelligence • Cloud • HR Tech • Information Technology • Productivity • Software • Automation
The role focuses on defining security strategies for infrastructure, hardening systems, automating controls, and mentoring engineers while managing risks and compliance.
Top Skills:
AIAnsibleBashCitrixGoHyper-VJSONPuppetPythonRest ApisSplunkSQLVMwareXML
What you need to know about the Los Angeles Tech Scene
Los Angeles is a global leader in entertainment, so it’s no surprise that many of the biggest players in streaming, digital media and game development call the city home. But the city boasts plenty of non-entertainment innovation as well, with tech companies spanning verticals like AI, fintech, e-commerce and biotech. With major universities like Caltech, UCLA, USC and the nearby UC Irvine, the city has a steady supply of top-flight tech and engineering talent — not counting the graduates flocking to Los Angeles from across the world to enjoy its beaches, culture and year-round temperate climate.
Key Facts About Los Angeles Tech
- Number of Tech Workers: 375,800; 5.5% of overall workforce (2024 CompTIA survey)
- Major Tech Employers: Snap, Netflix, SpaceX, Disney, Google
- Key Industries: Artificial intelligence, adtech, media, software, game development
- Funding Landscape: $11.6 billion in venture capital funding in 2024 (Pitchbook)
- Notable Investors: Strong Ventures, Fifth Wall, Upfront Ventures, Mucker Capital, Kittyhawk Ventures
- Research Centers and Universities: California Institute of Technology, UCLA, University of Southern California, UC Irvine, Pepperdine, California Institute for Immunology and Immunotherapy, Center for Quantum Science and Engineering
