Senior Security Engineer
Department: Engineering
Employment Type: Full Time
Location: Remote (Canada)
Reporting To: Nate Kis
Compensation: $157,883 - $168,430 / year
Description
We are hiring our first Security Engineer to join our Engineering team!Join our growing team as the founding Security Engineer here at Spare. You'll play a pivotal role in enhancing our security practices, driving key security initiatives, and ensuring compliance with industry standards. We're a sub-200-person company that values agility, collaboration, and multi-tasking in a high-growth environment.
Our Spare HQ is in Vancouver - BC, but this position is open to remote work options across Canada. If you like coming into an office, you can work from our HQ as desired, and we also provide a co-working stipend for those who wish to work in an office outside Vancouver.
About this role ✨
In this role you will focus on:- Security Engineering Projects: Lead large-scale security engineering projects and inject security practices into our SDLC. You'll be working cross-functionally to add security initiatives to our quarterly roadmap.
- Security Audits & Compliance: Oversee and support the security audit process, ensuring we meet SOC2, ISO, and other industry compliance standards. Ensure that compliance documentation is up to date and distributed across teams.
- Detection & Incident Response: Use our tools to monitor security events and handle incident responses. Communicate security incidents and follow up with relevant teams.
- Corporate Security: Ensure our corporate security is robust with ongoing monitoring, phishing tests, and endpoint security practices. Collaborate with our office manager to outsource specific operational tasks.
- Operational Excellence: Your role is crucial in maintaining a strong security posture across the company. You will manage the [email protected] email inbox, evaluating external security assessments and collaborating with engineering teams for prompt remediation. Ensuring efficient management of employee access during onboarding and offboarding processes is also key.
About you ✨
You have...- 5 years or more of cybersecurity experience, having worked in a similar capacity within a start-up or scale-up (sub-200 employees)
- Proven experience with application security, network security, web application firewalls, and code security/analysis.
- Hands-on experience supporting audits, with a solid understanding of audit processes.
- Ability to thrive in an agile environment, handling multiple security and compliance tasks simultaneously.
- Excellent communication skills in order to collaborate effectively across departments.
- Security experience in Google Cloud Platform (GCP).
- Proficiency in Typescript, Terraform, and Kubernetes.
- Experience with security compliance tools such as Vanta.
- Led efforts to achieve SOC2, ISO27001 certifications.
- Flexibility to handle a role that's 50% security engineering and 50% compliance and corporate security.
- Passion for transit, and mobility
Canada
