Staff Security Engineer

CloudQuery is seeking a talented and experienced Staff Security Engineer to join our core team. You will be responsible for shaping our security strategy and ensuring our infrastructure and operations adhere to industry standards. This is a high-impact, hands-on role where you'll lead the charge on maintaining our SOC2 attestation and oversee risk management efforts to ensure CloudQuery is secure, compliant, and efficient.

Responsibilities

• Collaborate with engineering, product, and executive teams to design and implement security initiatives.
• Lead end-to-end efforts to achieve SOC2 attestation and other relevant certifications.
• Manage MDM (Mobile Device Management) and other security software to enforce company-wide security policies.
• Oversee the implementation of security tools and practices across all departments, including DevOps, engineering, and corporate systems.
• Develop and maintain security policies, standards, and procedures that meet compliance requirements and best practices.
• Conduct regular risk assessments, audits, and reviews to identify and mitigate potential security threats.
• Drive security awareness and training initiatives to ensure all team members understand security best practices.
• Stay up to date with emerging security trends and technologies to continuously improve the security posture of CloudQuery.
• Lead incident response planning, simulation, and real-time handling of security incidents.
• Prepare and maintain thorough documentation for security measures, processes, and risk management activities.

Requirements

• 6+ years of experience in IT security, with a strong track record in managing security risk.
• Experience leading SOC2 and similar certification processes, with hands-on experience in compliance, audits, and security frameworks.
• Solid understanding of MDM solutions, endpoint security, and IT management.
• Strong familiarity with cloud platforms, security best practices, and DevOps processes.
• Experience in security incident management, threat detection, and vulnerability assessments.
• Excellent communicator with the ability to clearly document security processes and present them to both technical and non-technical stakeholders.
• Self-driven, resourceful, and able to thrive in a remote-first environment.
• A passion for security, automation, and ensuring development velocity without compromising on safety.

Benefits

• Remote-first company!
• Competitive pay with significant options pack upside.
• Remote-friendly environment and culture that nurtures company and team events to stay connected.
• High-impact role with lots of responsibilities and opportunities for career advancement