Software Engineer, Security & Compliance
Mountain View, California, United States
Full Time Mid-level / Intermediate USD 130K - 260K
NewsBreak
About NewsBreak
NewsBreak is redefining the way users interact with local news and their communities. By bridging local users, local content creators, and local businesses, our mission is to foster safer, more vibrant, and authentically connected lives. Through robust collaborations with thousands of local publishers and businesses across the nation, NewsBreak is revolutionizing how a new wave of readers access and engage with essential, locally sourced content & information.
Since our inception in 2015, our trajectory has been nothing short of remarkable. We proudly stand as the nation’s premier local news app.
As a Series-C unicorn startup, our headquarters is nestled in the tech hub of Mountain View, California, with other offices in New York City and Seattle. For more information, visit www.newsbreak.com/about
Location: Mountain View, CA (Onsite)
About the role
As a Software Engineer in Security & Compliance, you will be responsible for ensuring the security, privacy, and regulatory compliance of our cloud infrastructure and data ecosystems. You will work at the intersection of trust & safety, data compliance, and platform security, developing scalable solutions to protect sensitive data, enforce compliance policies, and mitigate security risks. Your focus will be on securing cloud environments (AWS, Kubernetes/EKS/EMR), implementing data governance frameworks, and automating compliance enforcement, ensuring our infrastructure meets the highest standards for data integrity, access control, and regulatory adherence. You will play a critical role in designing privacy-first architectures, automating audit and monitoring processes, and ensuring compliance with global regulations such as GDPR, CCPA, SOC 2, HIPAA, and ISO 27001, safeguarding both internal systems and customer data from evolving security threats.
Responsibilities
- Design, implement, and automate security and data compliance controls to protect cloud infrastructure, sensitive data, and applications, ensuring adherence to GDPR, CCPA, SOC 2, HIPAA, ISO 27001, and other regulatory frameworks.
- Develop monitoring, anomaly detection, and audit logging systems to track data access, detect policy violations, and mitigate security threats, ensuring compliance in AWS, EKS, and EMR environments.
- Enhance trust and safety mechanisms by implementing identity and access management (IAM), fine-grained data access controls, zero-trust architectures, and encryption strategies to safeguard sensitive information.
- Collaborate with privacy, compliance, and legal teams to define data retention policies, enforce access governance, and implement automated compliance reporting to support regulatory audits.
- Ensure security, data privacy, and compliance controls are embedded throughout the software development lifecycle (SDLC), from design and deployment to access controls, logging, and auditability.
- Lead data compliance incident response efforts, including forensic analysis of data breaches, compliance violation investigations, blameless postmortems, and continuous improvement in regulatory safeguards.
- Implement Infrastructure-as-Code (IaC) security and compliance automation in Terraform, CloudFormation, or Kubernetes manifests, ensuring consistent enforcement of data security policies, encryption standards, and audit logging across all infrastructure.
Requirements
- BS or MS in Computer Science, Engineering, or a related field, with 2+ years of experience in Security, DevSecOps, or Infrastructure Engineering roles.
- Proficiency in secure programming with at least one language: C, C++, Java, Python, or Go.
- Experience securing cloud platforms (AWS, GCP, or Azure), with a strong focus on AWS services, Kubernetes (EKS), and EMR.
- Deep understanding of Linux security, networking protocols (TCP/IP, TLS), IAM, and access control policies.
- Hands-on experience with security tools for vulnerability scanning, intrusion detection, and log analysis (e.g., AWS Security Hub, GuardDuty, CloudTrail, SIEM solutions).
- Strong knowledge of privacy regulations (GDPR, CCPA, SOC 2) and compliance frameworks.
- Experience in threat modeling, security risk assessments, and designing secure distributed systems.
Benefits
We offer a competitive benefits package:
- Health, dental, and vision care for you and your family
- Top-tier 401(K) plan with company matching
- Paid time off and paid holidays
- Paid parental leave
- FSA and commuter benefits programs
- Team activity budget
CPRA Privacy Notice for California Candidates
Tags: Audits Automation AWS Azure C CCPA Cloud Compliance Computer Science DevSecOps Encryption GCP GDPR Governance HIPAA IAM Incident response Intrusion detection ISO 27001 Java Kubernetes Linux Log analysis Monitoring Privacy Python Risk assessment SDLC SIEM SOC SOC 2 TCP/IP Terraform TLS
Perks/benefits: Career development Competitive pay Equity / stock options Health care Parental leave Salary bonus Startup environment