IT Security Engineer

Plastiq is seeking an IT Security Engineer to design, implement, and maintain security-related systems and processes across a broad spectrum of corporate applications, data, and infrastructure. Part hacker and part architect, you will wear a handful of hats: SaaS security expert, bot and automator author, and best-practice evangelist.
You will be the subject-matter expert for securing our corporate IT systems from an administrative and engineering standpoint, empowering Plastiq to efficiently and safely scale the business alongside its “perimeter-less” workforce. The end goal is an extensible, zero-trust approach to storing and accessing data across the entire IT systems portfolio.
The successful candidate for this role will be detail-oriented, security-obsessed, and familiar with the complexities of securing a cloud-first approach to corporate applications, data, and architecture. Plastiq is a largely remote-first work culture: the successful candidate will be self-motivated and driven, while working towards collaborative deliverables.
If the above sounds like you, Plastiq wants to help you find your inner G.O.A.T. (greatest of all time)!

Your Responsibilities

• Design and implement best-practice security configurations across a broad-spectrum SaaS stack, including tools such as Google Workplace, Slack, Salesforce, Snowflake, etc.
• Technical ownership of projects for meeting various security compliance frameworks (ISO 27001, SOC 1, SOC 2, SOX, etc.)
• Work with product engineering to implement a high-capacity, secure access layer for both corporate and engineering resources.
• Secure and monitor Mac+PC endpoints, SaaS applications, and corporate networks, including automating detection and remediation.
• Contribute to company-wide information security and enforcement policies. 
• Write technical documentation for internal and external audiences of varying technical expertise.
• Work with compliance program staff to automate security compliance processes and reporting.

Your Minimum Experience Requirements

• 5+ years of information systems administration or engineering, with a focus on security.
• 2+ years of information security experience in a regulated environment.
• Familiarity with vulnerability management, patching, and automating tools and workflows.
• Knowledge of applied cryptography in PKI, TLS, VPN, key management, secure boot, encryption, etc.
• General knowledge of corporate IT architecture, including Mac+PC endpoints, VPN, and SaaS administration.
• Software development skills in Python (or similar languages) with popular databases.
• Writing technical communications for internal and external audiences of varying technical knowledge.
• Knowledge of security compliance frameworks (ISO 27001, SOC 1, SOC 2, SOX, etc.)
• A team-player mindset in an individual-responsibility environment.
• Hyper-focused attention to detail and context.
• Experience managing security engineers/contractors is a plus.

Plastiq's Corporate Tech Stack

• Plastiq’s corporate technology is powered entirely by SaaS and IaaS.
• An endpoint-and-application-focused “perimeter-less” security model.
• API-focused integrations between off-the-shelf applications.
• Remote-native IT services and technologies.

Plastiq is a smart payment platform designed for businesses to better manage their payments and cash flow. The platform lets companies maximize their existing credit, pay in whatever way is best for their business—regardless of what payment methods their recipients accept—and get paid by card without the burden of card acceptance fees. Businesses can pay globally in more than 40 countries, and Plastiq works with all major credit card providers, including Mastercard, Visa, American Express, and Discover. Plastiq has millions of customers and has processed billions in payments for a wide range of expenses, from business supplier payments and contractors to taxes and rent. Plastiq has won a number of awards and recognitions, including being named to the 2020 Forbes FinTech 50 and 2020 Bay Area Best Places to Work by the San Francisco Business Journal.