Senior Security EngineerDepartment: Engineering
Employment Type: Full Time
Location: Remote (Canada)
Reporting To: Nate Kis
Compensation: $157,883 - $168,430 / year
DescriptionWe are hiring our
first Security Engineer to join our Engineering team!
Join our growing team as the founding Security Engineer here at Spare. You'll play a pivotal role in enhancing our security practices, driving key security initiatives, and ensuring compliance with industry standards. We're a sub-200-person company that values agility, collaboration, and multi-tasking in a high-growth environment.
Our Spare HQ is in Vancouver - BC, but this position is open to remote work options across Canada. If you like coming into an office, you can work from our HQ as desired, and we also provide a co-working stipend for those who wish to work in an office outside Vancouver.
About this role In this role you will focus on:
- Security Engineering Projects: Lead large-scale security engineering projects and inject security practices into our SDLC. You'll be working cross-functionally to add security initiatives to our quarterly roadmap.
- Security Audits & Compliance: Oversee and support the security audit process, ensuring we meet SOC2, ISO, and other industry compliance standards. Ensure that compliance documentation is up to date and distributed across teams.
- Detection & Incident Response: Use our tools to monitor security events and handle incident responses. Communicate security incidents and follow up with relevant teams.
- Corporate Security: Ensure our corporate security is robust with ongoing monitoring, phishing tests, and endpoint security practices. Collaborate with our office manager to outsource specific operational tasks.
- Operational Excellence: Your role is crucial in maintaining a strong security posture across the company. You will manage the [redacted] email inbox, evaluating external security assessments and collaborating with engineering teams for prompt remediation. Ensuring efficient management of employee access during onboarding and offboarding processes is also key.
About you You have...- 5 years or more of cybersecurity experience, having worked in a similar capacity within a start-up or scale-up (sub-200 employees)
- Proven experience with application security, network security, web application firewalls, and code security/analysis.
- Hands-on experience supporting audits, with a solid understanding of audit processes.
- Ability to thrive in an agile environment, handling multiple security and compliance tasks simultaneously.
- Excellent communication skills in order to collaborate effectively across departments.
It will be considered a plus (nice-to-have):- Security experience in Google Cloud Platform (GCP).
- Proficiency in Typescript, Terraform, and Kubernetes.
- Experience with security compliance tools such as Vanta.
- Led efforts to achieve SOC2, ISO27001 certifications.
- Flexibility to handle a role that's 50% security engineering and 50% compliance and corporate security.
- Passion for transit, and mobility