Compliance Security Engineer
LaceworkNeed better insight into the security of your cloud environments? Learn how Lacework can automate cloud security, prioritize risks, and help you scale.
At Lacework, we strive to provide a supportive, collaborative environment where people are empowered to do the best work of their careers.
Our team members enjoy solving complex problems, big sky thinking, and obsess over getting the details right. We love what we do and are proud of our work to secure clouds and container environments for thousands of users worldwide.
Cloud computing is revolutionizing IT and forcing organizations to rethink their approach to cloud security. Lacework is at the forefront of this transformation. We enable security teams to effectively secure public and private clouds – AWS, GCP, Azure, or collocations – by eliminating repetitive, manual, and labor-intensive security tasks. Using Lacework, security teams operate security at the same pace as DevOps, which relies on automated tools to publish daily updates to the cloud.
WHY LACEWORK NEEDS YOU
The security team is responsible for Security, Compliance, Risk, and Governance internally at Lacework. Our focus is to consistently maintain and improve security, earning our customer’s trust by implementing and demonstrating best in class security practices. We work collaboratively across the whole company to accomplish this goal in an era of complex regulatory requirements within a truly global economy. We are a growing team and need an experienced security practitioner to help scale our compliance program. This is part engineering role and part GRC role that will partner with Engineering, IT, Product, and the GTM/Field teams.
The ideal candidate is an engineer who knows how to apply engineering principles to Security and Compliance problems and is business-minded. You are a leader and team player with a transformational mindset. You can adapt seamlessly into the organization, are technically savvy, work cross-functionally, and enjoy diving deep into a system to understand and help secure it. You have experience with certifications such as SOC 2, ISO 27001, and FedRAMP, policy writing, control procedures, interacting with external auditors, and utilizing automation to efficiently provide continuous compliance capabilities.
- Develop an in-depth understanding of the Lacework platform and the cloud technologies it’s built on.
- Maintain and improve existing certifications and successfully obtain new ones. Develop roadmap initiatives based on global customer demands & Lacework’s growth strategy.
- Prepare for and facilitate external audits associated with various security regulatory requirements.
- Develop and maintain common control framework mappings to efficiently expand the compliance and auditing capabilities.
- Establish and track key performance metrics as service level objectives (SLOs) of security related Field requests.
- Drive projects, technical initiatives, and architectural/service improvements.
- Work with Engineering teams to prioritize and track resolution of identified issues.
- Always look for automation opportunities with continuous compliance as a constant objective.
- Become an expert at using Lacework and effectively showcase its use for our own compliance needs. Provide a feedback loop for product improvements.
- Drive regular project reviews with leadership.
Your Professional Profile:
- 10+ years of experience in Information Security in areas of compliance, audit, and risk; preferably with some experience at a startup.
- Polished professionalism developed through consulting or engaging directly with customers, auditors, and third-parties.
- Past experience in developing roadmap initiatives for certification efforts (e.g. GDPR, SOC 2, ISO 27001, PCI DSS, HITRUST, FedRAMP, etc.) and driving them through readiness and gap assessments, control implementation, and internal/third-party audits.
- Working knowledge of how compliance operates with cloud-native technology stacks
- Proficiency with common XaaS services/components and architectures.
- Adept in documentation: create diagrams or necessary customer artifacts including policies, standards and procedures, and bring to light areas that need improvement.
- Experience with responding to questions about GRC; conducting research, leading calls, and communicating with internal/external stakeholders using explicit technical details and professionalism.
- Self-directed and motivated to foster creative problem solving as well as out of the box thinking.
- Experience working remotely across many time zones and cultures.
- Excellent written and verbal communication skills.
- Bonus points: Software development background or proficiency in at least one of the following: Python, Go, or Java.
- Bonus points for broad exposure or experience in technologies such as containerization, real-time threat detection, secrets management, continuous deployment, and AWS/DevSecOps tools
- Bonus points for experience with contract review of security & compliance addendums.
Salary Range: $220k - $300k USD Annually + Benefits + Bonus + Equity
Actual compensation may vary based on factors such as geographic location, work experience, education/training and skill level.
Lacework is an Equal Opportunity Employer. It is the policy of Lacework to provide equal employment opportunity to all persons, regardless of age, race, religion, color, national origin, sex, political affiliations, marital status, non-disqualifying physical or mental disability, age, sexual orientation, membership, or non-membership in an employee organization, or on the basis of personal favoritism or other non-merit factors, except where otherwise provided by law
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Information Security Specialist jobs
- Open Senior Information Security Analyst jobs
- Open IT Security Analyst jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open Consultant SOC / CERT H/F jobs
- Open Senior Information Security Engineer jobs
- Open Information Security Officer jobs
- Open Security Operations Engineer jobs
- Open Analyste CERT / Incident Responder junior (H/F) jobs
- Open Ingénieur DevSecops H/F jobs
- Open Staff Security Engineer jobs
- Open Cybersecurity Consultant jobs
- Open Senior Security Architect jobs
- Open Chief Information Security Officer jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Analyste CERT / Incident Responder senior (H/F) jobs
- Open o365 Security Architect jobs
- Open Senior Security Analyst jobs
- Open Principal Security Engineer jobs
- Open Senior Cyber Security Engineer jobs
- Open Staff Product Security Engineer jobs
- Open Electronic Warfare Advanced Tactical Trainer jobs
- Open Product Security Engineer jobs
- Open Security Researcher jobs
- Open Cyber Security Architect jobs
- Open GCP-related jobs
- Open SOC-related jobs
- Open Risk assessment-related jobs
- Open Network security-related jobs
- Open Governance-related jobs
- Open Pentesting-related jobs
- Open ISO 27001-related jobs
- Open Analytics-related jobs
- Open CISM-related jobs
- Open SaaS-related jobs
- Open Threat intelligence-related jobs
- Open IAM-related jobs
- Open Malware-related jobs
- Open Java-related jobs
- Open Security Clearance-related jobs
- Open Vulnerability management-related jobs
- Open CISA-related jobs
- Open DevOps-related jobs
- Open Kubernetes-related jobs
- Open Security assessment-related jobs
- Open Forensics-related jobs
- Open APIs-related jobs
- Open SQL-related jobs
- Open CI/CD-related jobs
- Open EDR-related jobs