Responsibilities
- Be the internal security lead on our Greenfield Product with full access to source code, cloud infrastructure, and configurations.
- Ensure the product is enterprise-ready before customers go near it.
- Work alongside the Greenfield Product hardening squad for collaboration.
- Act as day-to-day counterpart to external security and pen test partners.
- Build and implement controls, not writing recommendations for others to action.
- Own AWS security posture including account structure, IAM, RBAC, logging, and monitoring.
- Manage SOC 2 Type II controls and evidence for the Greenfield Product on AWS.
- Handle application-level hardening including authentication, API rate limiting, web security headers, etc.
- Manage penetration test engagements with external firms, triaging findings, and closing them rapidly.
- Put automated processes in place for continuous security validation.
- Ensure data residency requirements are met for US and UK law firm customers.
Qualifications
- Deep, hands-on security engineering experience, building and implementing controls, not just advising
- Strong AWS security knowledge: IAM, account structure, Well-Architected Framework, CloudTrail, GuardDuty, Config, Security Hub
- Driven a real SOC 2 Type II engagement: controls, evidence collection, and audit preparation, not just policy documentation
- Application security experience: auth, RBAC, common web vulnerabilities, ability to implement fixes directly in code and config
- Managed external pen test engagements: scoping, triaging findings, and closing them
- Comfortable working at pace with minimal hand-holding in a small, senior team
- Available immediately or within days, not weeks.
#J-18808-Ljbffr…
