Security Compliance Engineer

Security Compliance Engineer

Position overview

We are seeking a Security Compliance Engineer with DevOps experience to enhance our Engineering team. This role combines security, compliance, and DevOps to ensure our technology infrastructure is secure, compliant, and efficiently managed. The ideal candidate will be adept at using cloud technologies, particularly AWS, and have experience with infrastructure as code, specifically Terraform.

Key responsibilities

• Implement security measures and compliance controls within our backend systems, focusing on cloud environments like AWS and enterprise security.

• Collaborate with compliance project managers and corporate IT to adopt new compliance standards, integrate them with existing security solutions and collect evidence for external audits. 

• Enhance data protection, conduct risk assessments, and ensure systems comply with standards like GDPR, SOC2, or ISO.

• Ensure controls are configured correctly and integrated into the security strategy

• Identify and mitigate vulnerabilities, ensuring both security and compliance across systems.

• Stay updated on security technologies and compliance regulations, applying this knowledge to improve our infrastructure.

• Works with the engineering team to build secure and compliant software development practices.

• Manage application patching and update AWS configurations using Terraform to maintain system integrity and performance.

• Work with the team to conduct regular audits to ensure compliance with internal policies and procedures, relevant security standards best practices, regulations and client requirements to identify gaps and provide remediation solutions

Qualifications

Basic Qualifications

• Bachelor’s degree in Computer Science, Information Systems, Security or a related field.

• 4+ years of experience within a security and compliance function

• Experience with vulnerability management tooling, remediation, and processes

• Experience with Docker, Terraform, AWS 

• Understanding of concepts related to Systems Engineering/DevOps, IaC, IAM, network security, systems security, cryptography

• Understanding of compliance frameworks (e.g., GDPR, SOC2, ISO) and security best practices.

• Strong expertise in cloud security and compliance, particularly with AWS.

Preferred Qualifications

• Have a wide understanding of cybersecurity and data protection frameworks such as ISO 27001, NIST, SOC2, PCI-DSS, GDPR, CCPA.

• Experience developing and maintaining policies, procedures, standards, and guidelines to align with company’s strategy and best practices

• Experience with automated compliance and security monitoring tools.

• Knowledge of Large Language Models (LLMs) and secure, compliant integration.

• Ability to work effectively in fast-paced and dynamic environments.

• Excellent communication skills for technical and regulatory collaboration.

• Enterprise security experience is a plus