Security Specialist
Indexed description
We are seeking a Security Specialist to own and drive our information security and compliance program across our AWS cloud infrastructure. You will be the primary technical owner of our SOC 2 Type II compliance posture, IAM/SSO governance, vulnerability management, and security monitoring — working closely with our DevOps and engineering teams to embed security into every layer of the stack. To ensure seamless alignment with our product and leadership teams, this role requires a daily 4-hour overlap with US working hours.
Key Responsibilities:
Security & Compliance
- Serve as the primary technical lead for SOC 2 Type II compliance, leveraging automated compliance platforms to ensure continuous control monitoring and evidence collection.
- Manage Identity and Access Management (IAM) and Single Sign-On (SSO) integrations to enforce a strict least-privilege access model.
- Lead vulnerability management, dependency scanning, penetration testing remediation, and threat modeling exercises.
- Own incident response procedures and continuous security monitoring.
- Audit and harden IAM policies, KMS key usage, and network security configurations across AWS.
Security Engineering & Collaboration
- Partner with the DevOps team to integrate automated security testing (SAST/DAST) into CI/CD pipelines (GitHub Actions, GitLab CI, or Jenkins).
- Review Infrastructure as Code (Terraform or CloudFormation) for secure-by-design configuration and run automated compliance scanning (e.g., AWS Security Hub, Bridgecrew/Checkov).
- Support the security posture of containerized workloads running on Docker and Kubernetes (EKS).
- Monitor security-relevant signals across logging, metrics, and alerting tools (DataDog, Prometheus, AWS CloudWatch).
Stakeholder Communication
- Act as the technical point of contact for security and compliance matters with US stakeholders.
- Maintain availability for a minimum 4-hour daily overlap with US business hours for synchronous collaboration and incident response alignment.
Required Qualifications and Skills
- Experience: 4+ years in a security engineering, InfoSec, or DevSecOps role.
- Cloud Platform: Strong working knowledge of AWS core services from a security perspective (IAM, VPC, S3, RDS, KMS, EKS, Route53).
- Compliance & InfoSec: Hands-on experience preparing for, achieving, or maintaining SOC 2 compliance frameworks.
- Identity & Access: Experience managing IAM and SSO (e.g., Okta) for least-privilege access and lifecycle management.
- Vulnerability Management: Practical experience with vulnerability scanning, penetration test remediation, and threat modeling.
- Containers: Working knowledge of Docker and Kubernetes (EKS) security fundamentals.
- Timezone & Communication: Exceptional English communication skills, with the ability to commit to a consistent daily schedule providing at least 4 hours of overlap with US business hours (e.g., EST/PST).
Preferred & Bonus Skills
- Compliance Automation: Hands-on experience with Vanta (or similar platforms like Drata/Secureframe) for automated SOC 2 readiness and continuous monitoring.
- Identity & Access Management: Experience configuring and managing Okta for enterprise SSO, lifecycle management, and RBAC integrations across AWS and engineering tools.
- Certifications: AWS Certified Security – Specialty, CISSP, CCSK, or equivalent security credentials.
- Familiarity with IaC security scanning tools (Checkov, Bridgecrew) and SAST/DAST tooling.
What Success Looks Like in the First 90 Days
- Day 30: Audit our existing Vanta dashboard and Okta group mappings, and review our current AWS IAM footprint and security tooling.
- Day 60: Identify gaps in our current security posture and implement automated compliance scanning (e.g., AWS Security Hub, Bridgecrew/Checkov).
- Day 90: Streamline the automated evidence-collection process within Vanta for our next SOC 2 audit, optimize Okta authentication pipelines, and introduce automated security linting into the team's deployment workflow.
Create a free Caio profile to unlock more results and save your role and location preferences.
Unlock free search