Security Engineer

Security & Compliance Engineer for Cloud Product and Internal Systems

At Vouched, we are building an identity verification platform for developers. Companies use

Vouched to verify identity while onboarding and authenticating users. We make identity

verification easy with a combination of machine learning and data checks. Our customers

leverage our APIs, integrations, and no-code solution to onboard customers to their systems. At

Vouched, your work provides people with frictionless and fair access to healthcare, financial

services, and work opportunities.

What We Do

● We automate identity verification at scale and are growing fast

● We service early-stage startups, unicorns, and large enterprises, with a focus on the

developer experience. Check out our docs here to learn how our customers use our

platform

● We run on a modern cloud infrastructure powered by automated integration and unit

testing, provisioning, deployments, monitoring, and notifications

● We prioritize our work using light weight methodologies and collaborative

communications

What You'll Do
We need someone who can drive security & compliance engineering across the organization.

This includes ensuring our Google Cloud Platform (GCP) infrastructure, applications and IT

processes are secure and compliant with ISO 27001 and SOC 2 Type II and are following best

security practices.

We already have a great foundation - we’re compliant with ISO 27001 and SOC 2 Type II and

we have Vanta, Rippling in place and integrated with our systems to ensure policies and

controls are implemented. We need someone to manage this and continue to automate and

implement it as we scale our product infrastructure.

● Work closely with our engineering team ensures we’re building and operating the

product in a secure and compliant way.

● Perform and automate security and compliance processes (managed via Vanta).

● Facilitate annual audits with proof that our controls are in place for audits both for

internal process reviews and for auditors.

● Help our customer-support team answer questions related to security and privacy

questionnaires.

● Help our engineering team automate everything from commit to production such that

things are tested, reliable, and secure and moving fast.

● Ensure that our cloud applications from Google Workspaces/GSuite to Salesforce to

Slack to Snowflake are all integrated with our SSO.

● Handle provisioning or deprovisioning employees or contractors through our systems (all

managed via Rippling).

● Assist engineering debugging and troubleshooting issues in our production

infrastructure.

● Participate in infrastructure on-call rotations

Requirements

● Experience automating ISO 27001 and SOC 2 Type 2 (or similar) technical requirements

● Experience managing the lifecycle of compliance processes

● Knowledge of scripting languages (e.g., Python, Bash) and infrastructure as code (IaC)

principles

● Expertise in cloud infrastructure (e.g., AWS, Azure, GCP) and automation tools (e.g.,

Terraform, Ansible)

● Experience with deploying and supporting containerize applications (e.g., Kubernetes,

ECS)

● CI/CD processes on production cloud infrastructure, i.e. AWS or GCP

● Understanding of asynchronous and distributed microservices architectures

Benefits

Benefits

• Flexible paid time off
• Healthcare
• Vision
• Equity compensation
• Flexible remote, work-from-home arrangements
• Parental leave
• $150,000 to $250,000 OTE

This is a remote role - however, you must be based in the US (US work authorization required)