Security & Compliance Engineer for Cloud Product and Internal Systems
At Vouched, we are building an identity verification platform for developers. Companies use Vouched to verify identity while onboarding and authenticating users. We make identity verification easy with a combination of machine learning and data checks. Our customers leverage our APIs, integrations, and no-code solution to onboard customers to their systems. At Vouched, your work provides people with frictionless and fair access to healthcare, financial services, and work opportunities.
What We Do
- We automate identity verification at scale and are growing fast
- We service early-stage startups, unicorns, and large enterprises, with a focus on the developer experience. Check out our docs here to learn how our customers use our platform
- We run on a modern cloud infrastructure powered by automated integration and unit testing, provisioning, deployments, monitoring, and notifications
- We prioritize our work using light weight methodologies and collaborative communications
What You'll Do
We need someone who can drive security & compliance engineering across the organization. This includes ensuring our Google Cloud Platform (GCP) infrastructure, applications and IT processes are secure and compliant with ISO 27001 and SOC 2 Type II and are following best security practices.
We already have a great foundation - we’re compliant with ISO 27001 and SOC 2 Type II and we have Vanta, Rippling in place and integrated with our systems to ensure policies and controls are implemented. We need someone to manage this and continue to automate and implement it as we scale our product infrastructure.
- Work closely with our engineering team ensures we’re building and operating the product in a secure and compliant way
- Perform and automate security and compliance processes (managed via Vanta)
- Facilitate annual audits with proof that our controls are in place for audits both for internal process reviews and for auditors
- Help our customer-support team answer questions related to security and privacy questionnaires
- Help our engineering team automate everything from commit to production such that things are tested, reliable, and secure and moving fast
- Ensure that our cloud applications from Google Workspaces/GSuite to Salesforce to Slack to Snowflake are all integrated with our SSO
- Handle provisioning or deprovisioning employees or contractors through our systems (all managed via Rippling)
- Assist engineering debugging and troubleshooting issues in our production infrastructure
- Participate in infrastructure on-call rotations
Requirements
- Infrastructure and/or DevOps engineering experience, including security
- Experience automating ISO 27001 and SOC 2 Type 2 (or similar) technical requirements
- Experience managing the lifecycle of compliance processes
- Experience with scripting languages (e.g., Python, Bash) and infrastructure as code (IaC) principles
- Expertise in cloud infrastructure (e.g., AWS, Azure, GCP) and automation tools (e.g., Terraform, Ansible)
- Experience with deploying and supporting containerize applications (e.g., Kubernetes, ECS)
- CI/CD processes on production cloud infrastructure, i.e. AWS or GCP
- Understanding of asynchronous and distributed microservices architectures
Benefits
- Flexible paid time off
- Healthcare
- Vision
- Equity compensation
- Flexible remote, work-from-home arrangements
- Parental leave
- $150,000 to $200,000 OTE
This is a remote role - however, you must be based in the US (US work authorization required)