Security Specialist

About the Role

We're looking for a Security Specialist to help protect our systems, data, and integrations as we scale. This role is critical to ensuring the security and compliance posture of our infrastructure and applications, with a focus on best practices, data protection, and third-party integrations.

Responsibilities

• Provide daily support for source code protection solutions, including code signing and scanning tools in a cloud environment.
• Deliver solutions focused on application security, such as code scanning and code signing.
• Consult and develop CI/CD pipeline solutions.
• Coordinate extensively with extended security teams (networking, infrastructure, and leadership) to establish, maintain, and deliver application security services for clients.
• Lead and document Business Continuity Planning (BCP) and Disaster Recovery (DR) risk assessments, perform gap analyses, and provide actionable recommendations to the CTO and executive team on both immediate and long-term DR/BCP strategies.
• Plan, implement, and execute full interruption tests, as well as conduct BCP/DR tabletop exercise training to ensure organizational readiness in case of disasters.
• Oversee security patch management, ensuring timely deployment of patches on enterprise servers to maintain security compliance.
• Monitor and document security vulnerabilities using auditree, while applying necessary patches or remediation measures to keep servers up to date and secure.
• Assess vulnerabilities to determine if remediation requires patching or upgrades and open enterprise risk reports.
• Manage and mitigate risks related to the handling of Personally Identifiable Information (PII).
• Ensure ongoing compliance with security and data privacy standards (e.g., SOC 2, ISO 27001, GDPR, etc.) and corporate policies.
• Implement and maintain security best practices across systems, code, and infrastructure.
• Identify, assess, and manage risks related to third-party integrations, APIs, and external services.
• Work closely with engineering and product teams to build secure-by-design systems.
• Respond to security incidents and coordinate investigations and remediation.
• Maintain and improve security documentation, policies, and training programs.

Requirements

• 3+ years of experience in security, risk management, or compliance roles.
• Strong understanding of modern security best practices in cloud-native environments (IBM FS Cloud, AWS, GCP, or Azure).
• Familiarity with regulatory and compliance frameworks (SOC 2, GDPR, HIPAA, etc.).
• Experience with secure API design, OAuth, SSO, and identity management.
• Hands-on experience with security tooling (e.g., SIEM, SAST/DAST, vulnerability scanners).
• Excellent communication skills and the ability to collaborate cross-functionally.

Nice to Have

• Experience in a fast-paced startup or SaaS environment.
• Background in DevSecOps or secure software development lifecycle (SSDLC).
• Certifications such as CISSP, CISM, or GIAC.