Information Security Engineer

Information Security Engineer

About Bitwerx 

Bitwerx, Inc. is a team of industry experts focused on designing, building, and supporting innovative software solutions that leverage data to improve the customer journey. Our experience spans many industries with a focus on veterinary, and our partners range from startups trying to bring a new idea to market to Fortune 500 companies looking to become more agile.

About the role 

We are seeking an Information Security Engineer to serve as the primary owner of Bitwerx’s Information Security governance, policies, and compliance framework, leading the design, implementation, and ongoing maturation of the security program with a core focus on SOC 2 Type 2 and broader U.S. and international compliance requirements. 

This is a hands-on individual contributor role. You will be responsible for building practical, scalable security controls; refining policies and standards; operationalizing compliance requirements; and partnering closely with our Platform Delivery and Software Engineering teams to embed security into day-to-day operations. 

This role may be based in Lexington, KY (hybrid) or performed remotely from select U.S. locations.

What You’ll Do 

Security & Compliance Program Ownership 

• Own end-to-end SOC 2 Type 2 execution 

• Design, refine, and validate security controls 

• Prepare audit evidence and remediation plans 

Policy, Risk and Governance 

• Author and maintain security policies and standards 

• Maintain the risk register and treatment plans 

• Manage vendor risk workflows 

Cloud and Platform Security 

• Implement Azure security guardrails 

• Enforce IAM, RBAC, MFA and conditional access 

• Maintain the risk register and treatment plans 

• Secure CI/CD pipelines and secrets 

Monitoring and Incident Response 

• Implement centralized logging and alerting 

• Maintain Incident Response playbooks and lead response efforts 

• Perform root cause analysis 

• Manage tabletop exercises using real-world examples for team training 

Audit and Automation 

• Automate compliance evidence collection 

• Ensure controls are sustainable year over year 

What You’ll Bring 

• 3+ years in security and/or compliance engineering 

• SOC 2 Type 2 hands-on experience 

• Experience implementing international security and privacy compliance controls (e.g., GDPR, OSFI, and similar regulatory frameworks) 

• Strong understanding of security architecture and risk management for data-centric organizations, including large-scale data storage, processing, access controls, and data lifecycle governance 

• Azure cloud security experience 

• Strong written and technical communication skills 

• Proactive, collaborative team player who thrives in a fast paced, small company environment 

• Experience with Drata is preferred 

What Success Looks Like 

• Predictable, low-stress audits 

• Embedded security controls 

• Automated evidence collection 

Why This Role Matters 

Security and compliance are foundational to Bitwerx’s growth, reputation and customer trust. 

What We Offer 

• 100% company-paid health, vision, and dental insurance
  

• 401(k) with company match
  

• Robust PTO policy
  

• A collaborative and inclusive work culture 

• Opportunities for professional growth and development 

• The chance to make a significant impact on a growing company 
  
   

Bitwerx, Inc. is an Equal Opportunity Employer. Your application will be considered regardless of race, color, national origin, age, disability, gender, sexual orientation, gender identity or expression, marital status, or veteran status. You must be legally authorized to work in the U.S.