Senior Security Engineer

As the Senior Security Engineer, you will play a critical role in safeguarding our organization’s data and systems. You will be responsible for implementing and maintaining security measures to protect the organization's infrastructure, assets, data, and personnel in close collaboration with the Director of Information Security and Compliance. You will also help manage our compliance programs, including SOC2, HIPAA, ISO, GDPR, CCPA, and emerging state and country privacy laws. You will also provide crucial technical security expertise to support the sales process. Your duties will include, but are not limited to:

• Execute our comprehensive security program, including implementing policies, procedures, standards, and guidelines that align with industry standards and best practices. 
• Work with cross-functional teams to implement security measures that align with business objectives. 
• Conduct daily monitoring, triage, and escalation of GCP security alerts from various systems. 
• Manage submissions from our Responsible Disclosure program. 
• Deploy, maintain, and tune security technologies, tools, and systems to enhance the organization's security posture. 
• Maintain situational awareness of emerging risks for our organization’s technology stack and escalate as needed. 
• Conduct scheduled and on-demand security assessments for software solutions, vendors, tools, and business processes, including development of risk mitigation plans. 
• Support the sales engineers by providing technical expertise on security requirements for potential and existing customers, including customer-facing sales calls. 
• Help develop security presentations and training materials to support internal and customer security objectives. 
• Perform scheduled and on-demand vulnerability scanning against networks and applications. 
• Investigate, triage, and respond to security incidents, ensuring proper documentation and escalation.
• Leverage AI tools and large language models to enhance security operations, risk assessment and management, vulnerability analysis, and incident response workflows.
• Maintain awareness of AI-specific security considerations and develop mitigation plans as needed.
• Implement product security features and capabilities in collaboration with the product development team. 

Requirements

• 5 years experience in information security, with hands-on experience in security operations and compliance frameworks such as SOC2.
• Ability to balance risk with business objectives when designing and implementing practical and effective security solutions.  
• Strong communication skills with the ability to explain complex security concepts to various stakeholders. 
• Experience with cloud security, specifically in Google Cloud Platform (GCP). 
• Experience implementing and maintaining security tools and controls, including SDLC and GRC tools.
• Ability to clearly articulate how our security program addresses customer security requirements.
• Proven ability to evaluate and track risks through resolution using logic and deductive reasoning. 
• Strong knowledge of security best practices and technologies, including access control, identity management, attack surface management, and incident response. 
• Hands-on experience with tools for security monitoring, vulnerability scanning, and security testing, including use of AI features.. 
• Understanding of common security framework requirements including NIST and ISO and ability to map controls to compliance requirements. 
• Proficiency with a scripting language for automating security operations. 
• Relevant security certifications such as CISSP, GIAC/GSEC, GCP platform-specific security certifications, Security+, and/or SSCPs are preferred. 

Benefits

• Competitive compensation and benefits
• Position is remote within US (Austin preferred)
• Minimal travel 
• Limited physical demands

If you are a security professional with a strong technical background and passion for implementing robust security measures, we encourage you to apply for this opportunity.

ActivTrak is an equal opportunity employer. We celebrate diversity and are committed to creating an inclusive environment for all employees. ActivTrak does not discriminate on the basis of race, color, religion, sex, national origin, political affiliation, sexual orientation, marital status, disability, age, protected veteran status, gender identity or any other factor protected by applicable federal, state or local laws.