Compliance Security Engineer

Confirmed live in the last 24 hours

Locations

United States

Experience Level

Entry

Junior

Mid

Senior

Expert

Desired Skills

AWS

Java

Python

Communications

Requirements

Develop an in-depth understanding of the Lacework platform and the cloud technologies it's built on
Maintain and improve existing certifications and successfully obtain new ones. Develop roadmap initiatives based on global customer demands & Lacework's growth strategy
Prepare for and facilitate external audits associated with various security regulatory requirements
Develop and maintain common control framework mappings to efficiently expand the compliance and auditing capabilities
Establish and track key performance metrics as service level objectives (SLOs) of security related Field requests
Drive projects, technical initiatives, and architectural/service improvements
Work with Engineering teams to prioritize and track resolution of identified issues
Always look for automation opportunities with continuous compliance as a constant objective. Become an expert at using Lacework and effectively showcase it's use for our own compliance needs. Provide a feedback loop for product improvements
Drive regular project reviews with leadership
5+ years of experience in Information Security in areas of compliance, audit, and risk; preferably at a startup
Polished professionalism developed through consulting or engaging directly with customers, auditors, and third-parties
Past experience in developing roadmap initiatives for certification efforts (e.g. GDPR, SOC 2, ISO 27001, PCI, HiTrust, FEDRAMP, etc.) and driving them through readiness and gap assessments, control implementation, and internal/third party audits
Working knowledge of how compliance operates with cloud-native technology stacks
Proficiency with common IaaS services/components and architectures
Adept in documentation: create diagrams or necessary customer artifacts including policies, standards and procedures, and bring to light areas that need improvement
Experience with responding to security questionnaires; conducting research, leading calls, and communicating with internal/external stakeholders using explicit technical details and professionalism
Self-directed and motivated to foster creative problem solving as well as out of the box thinking
Experience working remotely across many time zones and cultures
Excellent written and verbal communication skills
Security certification a plus - such as CISSP, CRISC, CISM, etc

Desired Qualifications

points: Software development background or proficiency in at least one of the following: Python, Go, or Java
points for broad exposure or experience in technologies such as containerization, real-time threat detection, secrets management, continuous deployment, and AWS/DevSecOps tools
points for experience with contract review of security & compliance addendums

At Lacework, we strive to provide a supportive, collaborative environment where people are empowered to do the best work of their careers.

Our team members enjoy solving complex problems, big sky thinking, and obsess over getting the details right. We love what we do and are proud of our work to secure clouds and container environments for thousands of users worldwide.

Cloud computing is revolutionizing IT and forcing organizations to rethink their approach to cloud security. Lacework is at the forefront of this transformation. We enable security teams to effectively secure public and private clouds – AWS, Azure, or collocations – by eliminating repetitive, manual, and labor-intensive security tasks. Using Lacework, security teams operate security at the same pace as DevOps, which relies on automated tools to publish daily updates to the cloud.

WHY LACEWORK NEEDS YOU

The InfoSec team is responsible for Security, Compliance, Risk, and Governance internally at Lacework. Our focus is to consistently maintain and improve security, earning our customer’s trust by implementing and demonstrating best in class security practices. We work collaboratively across the whole company to accomplish this goal in an era of complex regulatory requirements within a truly global economy. We are a growing team and need an experienced InfoSec practitioner to help scale compliance programs. This is part engineering role and part GRC role that will partner with Engineering, IT, Product, and the GTM/Field teams.

The ideal candidate is an engineer who knows how to apply engineering principles to Security and Compliance problems and is business-minded. You are a leader and team player with a transformational mindset. You can adapt seamlessly into the organization, technically savvy, work cross-functionally, and enjoy diving deep into a system to understand and help secure it. You have experience with certifications such as SOC 2 and ISO27K, policy writing, control procedures, interacting with external auditors, and utilizing automation to efficiently provide continuous compliance capabilities.

Your Opportunity:

Develop an in-depth understanding of the Lacework platform and the cloud technologies it’s built on.
Maintain and improve existing certifications and successfully obtain new ones. Develop roadmap initiatives based on global customer demands & Lacework’s growth strategy.
Prepare for and facilitate external audits associated with various security regulatory requirements.
Develop and maintain common control framework mappings to efficiently expand the compliance and auditing capabilities.
Establish and track key performance metrics as service level objectives (SLOs) of security related Field requests.
Drive projects, technical initiatives, and architectural/service improvements.
Work with Engineering teams to prioritize and track resolution of identified issues.
Always look for automation opportunities with continuous compliance as a constant objective. Become an expert at using Lacework and effectively showcase it’s use for our own compliance needs. Provide a feedback loop for product improvements.
Drive regular project reviews with leadership.

Your Professional Profile:

5+ years of experience in Information Security in areas of compliance, audit, and risk; preferably at a startup.
Polished professionalism developed through consulting or engaging directly with customers, auditors, and third-parties.
Past experience in developing roadmap initiatives for certification efforts (e.g. GDPR, SOC 2, ISO 27001, PCI, HiTrust, FEDRAMP, etc.) and driving them through readiness and gap assessments, control implementation, and internal/third party audits.
Working knowledge of how compliance operates with cloud-native technology stacks
Proficiency with common IaaS services/components and architectures.
Adept in documentation: create diagrams or necessary customer artifacts including policies, standards and procedures, and bring to light areas that need improvement.
Experience with responding to security questionnaires; conducting research, leading calls, and communicating with internal/external stakeholders using explicit technical details and professionalism.
Self-directed and motivated to foster creative problem solving as well as out of the box thinking.
Experience working remotely across many time zones and cultures.
Excellent written and verbal communication skills.
Security certification a plus - such as CISSP, CRISC, CISM, etc.
Bonus points: Software development background or proficiency in at least one of the following: Python, Go, or Java.
Bonus points for broad exposure or experience in technologies such as containerization, real-time threat detection, secrets management, continuous deployment, and AWS/DevSecOps tools
Bonus points for experience with contract review of security & compliance addendums.

Salary Range: $119k - $300k USD Annually + Benefits + Bonus + Equity
Actual compensation may vary based on factors such as geographic location, work experience, education/training and skill level.

Lacework is an Equal Opportunity Employer. It is the policy of Lacework to provide equal employment opportunity to all persons, regardless of age, race, religion, color, national origin, sex, political affiliations, marital status, non-disqualifying physical or mental disability, age, sexual orientation, membership, or non-membership in an employee organization, or on the basis of personal favoritism or other non-merit factors, except where otherwise provided by law

501-1,000 employees

Website

Security platform for the cloud

Company Overview

Lacework's mission is to become the security platform for the cloud. The company focuses on building modern, robust security infrastructure at scale.

Benefits

Competitive medical, dental, and vision plans
Employer contribution to health savings account (HSA)
Flexible vacation time
Parental leave for birthing and non-birthing parents
401(k) for eligible employees & competitive global retirement plans
Life insurance for eligible employees
Flexible health and mental wellness stipend
Home internet & cell phone stipend
Commuter benefits

Company Core Values

Put the Customer First
Take Pride in Leaving a Legacy
Be Open
Be Bold, Fail Fast, and Learn
Get $hit Done
Win As A Team