Transforming the moving world, one startup at a time
Senior Security Controls & Compliance Engineer
Location
United States
Posted
3 days ago
Salary
0
Seniority
Senior
Job Description
Senior Security Controls & Compliance Engineer
UP.Labs
Role Description UP.Labs is a venture studio that builds and launches vertical AI enterprise SaaS companies with corporate partners in transportation, mobility, logistics, and industrial markets. We are hiring a Senior Security Controls & Compliance Engineer on a 6+ month contract to build, implement, and operate the security control foundation across multiple venture applications. This is a hands-on security execution role. We are not looking for someone who documents gaps, manages a compliance tool, and routes work to engineering. We need an operator who can understand enterprise customer security requirements, identify the controls required, implement or configure those controls directly, and verify they are operating effectively. You will prepare our venture applications for SOC 2 readiness while supporting enterprise customer data, information security, and TPRM requirements. Because our ventures are built alongside large corporate partners, the security bar is set by real enterprise buyers from day one, not by an internal checklist. The goal is a repeatable security baseline that each venture application can inherit, operate against, and carry forward as it matures or spins out into an independent company. What You'll Own - Build, implement, and operate security and compliance controls across multiple venture applications and supporting systems. - Translate enterprise customer security, data handling, and TPRM requirements into practical technical controls, operational workflows, evidence requirements, and remediation plans. - Create a reusable security control baseline that can be applied across current and future venture applications. - Select, configure, and operate a compliance automation platform (evaluating options such as Vanta, Drata, or Secureframe), including evidence integrations across cloud, GitHub, identity providers, ticketing, device management, and productivity tools. - Implement identity and access controls: SSO, MFA, role-based access, least privilege, access review workflows, and offboarding evidence. - Implement secure SDLC controls: branch protection, required code reviews, code scanning, dependency scanning, secret scanning, vulnerability management, and release/change management evidence. - Implement cloud security controls: IAM policies, encryption settings, logging, monitoring, backups, network restrictions, and security alerting. - Implement operational security workflows: vendor review, risk review, change management, policy attestation, incident response evidence, exception tracking, and recurring control reviews. - Maintain a centralized control library mapped to SOC 2 Trust Services Criteria, customer-specific requirements, and relevant frameworks (ISO 27001, NIST CSF, CIS Controls). - Support SOC 2 readiness end to end: control mapping, evidence requirements, gap tracking, audit prep, and control verification. - Identify launch-blocking security gaps and close them directly where possible. - Partner with product engineering only where application-specific code, architecture, or deeper infrastructure changes are required, writing clear technical requirements and acceptance criteria for that work. - Support customer security questionnaires, audits, evidence requests, and enterprise security reviews with accurate technical detail. - Track control gaps, remediation status, launch blockers, and compliance risk for leadership. - Produce a repeatable security implementation playbook that future ventures can inherit, and support the handoff of a venture's security posture when it spins out. What Success Looks Like - Enterprise customer requirements are translated into implemented controls, not just documented gaps. - Each venture application has a working security baseline across identity, cloud, source control, CI/CD, logging, monitoring, evidence, and operational processes. - SOC 2 readiness is actively tracked with clear control ownership, evidence collection, and operating cadence. - Compliance tooling is selected, configured, and producing useful evidence across the required systems. - Engineering teams are engaged only when product-specific implementation is required, not overloaded with generic security tasks. - Security launch blockers are identified early, prioritized clearly, and remediated quickly. - Customer security reviews, audits, and questionnaires are handled with accurate technical detail and supporting evidence. - Leadership has clear visibility into control maturity, launch risk, audit readiness, and open remediation items. - A reusable security control baseline and playbook exists that can be applied to new ventures and carried forward as they spin out. Qualifications - 7+ years in security engineering, cloud security, DevSecOps, security operations, security compliance, or GRC, including hands-on control implementation in cloud/SaaS environments. - At least one full SOC 2 readiness-through-audit cycle owned or driven end to end. - Demonstrated ability to configure and operate security and compliance systems directly, not just document requirements. - Strong command of security controls, audit evidence, policy requirements, control testing, and control operation. - Proven experience translating enterprise customer security requirements into practical technical controls. - Hands-on experience with identity and access controls (SSO, MFA, RBAC, least privilege, access reviews, offboarding). - Hands-on experience with secure SDLC controls (source control permissions, code review, branch protection, vulnerability management, dependency and secret scanning, change management evidence). - Hands-on experience with cloud security controls (IAM, encryption, logging, monitoring, backups, network restrictions, alerting). - Experience standing up and operating a compliance automation / GRC platform (e.g., Vanta, Drata, Secureframe) from scratch. - Familiarity with our core stack: GitHub, Jira or Linear, Okta, Google Workspace, Slack, and a major cloud provider (AWS, Azure, or GCP). - Strong written communication for policies, procedures, audit documentation, technical requirements, and customer-facing security responses. - Ability to operate independently in an ambiguous, fast-moving venture environment and deliver on a compressed timeline. Preferred Qualifications - Experience supporting enterprise customers with strict security, data handling, or TPRM requirements. - Experience in venture-backed startups, enterprise SaaS, or venture studio environments. - Experience carving a company's security posture out of a parent or shared-services environment during a spin-out or standalone build. - Familiarity with SOC 2 Trust Services Criteria, ISO 27001, NIST CSF, or CIS Controls. - Experience with GitHub security features, CI/CD security controls, vulnerability management tools, and cloud security monitoring. - Relevant certifications: CISSP, CISM, CISA, CRISC, ISO 27001 Lead Implementer, AWS Security Specialty, or Security+.
Related Guides
Related Categories
Related Job Pages
More Security Engineer Jobs
Online Adjunct Professor – Cyber Security
Bryant & Stratton CollegeBryant & Stratton College: A Career-Focused, Private, Nonprofit College Built Different to Serve Our Students.
• Prepare course(s) assigned in Blackboard with required elements by the designated deadline. • Provide approximately 12-14 hours per week of instruction over the course of five days each week, per course. • Facilitate discussion, grading student work, checking email, engaging in personalized retention efforts and outreach to support student success. • Respond to all outreach (email, text, calls, etc.) from students, supervisors, colleagues, etc. within 48-hours. • Facilitate discussion with substantive, high-quality posts, higher-order questioning, and supplemental resources. • Ensure the grade book is updated each week no later than Thursday at 11:59 pm, ET for Weeks 1-6, and 9 am ET Thursday after the last day of class for Weeks 7 and 7.5. • Follow the college’s plagiarism policy to promote academic integrity in all courses.
Security Engineer
ECS Tech IncAll candidates must meet the following criteria: Must be a US Citizen, no dual Citizenships. Must be able to secure a Public trust clearance. Must be able to work across multiple programs across the Federal and DOD space. The core values that ECS looks for in an engagement manager include: Teamwork, Respect, Accountability, Integrity, and Leadership.
Role Description Everforth ECS is seeking a Security Engineer to work in our Portland, OR office or remotely. Note: This position is contingent upon contract award. The Security Engineer supports the design, implementation, configuration, and maintenance of cybersecurity technologies, controls, and secure infrastructure capabilities across enterprise systems and security operations environments. This role helps ensure that systems, applications, networks, endpoints, and cloud environments are protected, monitored, hardened, and aligned with organizational security requirements. The ideal candidate has hands-on experience implementing and supporting security tools, troubleshooting technical security issues, applying secure configuration standards, and collaborating with SOC analysts, system administrators, network engineers, control assessors, and program stakeholders to improve the organization's security posture. Key Responsibilities - Security Engineering & Implementation - Implement, configure, maintain, and support cybersecurity technologies, tools, platforms, and technical security controls. - Assist with engineering secure solutions for enterprise systems, networks, endpoints, cloud environments, applications, and operational support platforms. - Support security architecture decisions by providing implementation input, technical feasibility analysis, and operational considerations. - Apply security engineering practices across the system lifecycle, including planning, deployment, configuration, testing, operations, and sustainment. - System Hardening & Secure Configuration - Apply secure configuration baselines, hardening standards, and technical control requirements to servers, endpoints, network devices, applications, and cloud services. - Review system configurations, permissions, authentication settings, logging settings, encryption settings, and access controls for alignment with security requirements. - Support implementation of vulnerability remediation, configuration changes, patching activities, and risk reduction measures in coordination with system owners. - Validate that security controls are operating as intended and support remediation when control gaps or technical weaknesses are identified. - Security Tool Support & Integration - Support deployment, tuning, and sustainment of tools such as SIEM, EDR, vulnerability scanners, firewalls, IDS/IPS, email security, identity security, logging, and monitoring platforms. - Integrate security tools with enterprise systems, data sources, ticketing systems, dashboards, identity platforms, and incident response workflows. - Troubleshoot tool performance, connectivity, data collection, alerting, agent health, policy enforcement, and integration issues. - Coordinate with SOC analysts, Splunk engineers, threat hunters, and system administrators to ensure security tooling supports monitoring, investigation, and response requirements. - Vulnerability, Risk & Remediation Support - Analyze vulnerability scan results, configuration findings, security alerts, and control weaknesses to support prioritization and remediation planning. - Work with technical teams to identify root causes, validate remediation options, and confirm closure of vulnerabilities or security findings. - Support risk treatment activities by documenting technical constraints, compensating controls, residual risk, and remediation status. - Assist control assessors and assessment leads by providing technical evidence, configuration details, screenshots, logs, and implementation explanations. - Incident Response & Operational Support - Provide technical engineering support during security incidents, investigations, containment activities, eradication efforts, and recovery actions. - Assist with log collection, tool validation, endpoint or network containment actions, access changes, system isolation, and forensic preservation activities as directed. - Develop and maintain scripts, queries, automation, and repeatable procedures to improve security operations and engineering response efficiency. - Participate in after-action reviews and support implementation of technical improvements based on incident lessons learned. - Documentation, Standards & Continuous Improvement - Develop and maintain technical documentation, configuration standards, diagrams, implementation guides, runbooks, and operational procedures. - Support change management, configuration management, asset documentation, and security engineering governance processes. - Recommend improvements to security tools, engineering processes, baselines, automation, monitoring coverage, and technical control implementation. - Stay current with emerging threats, security technologies, hardening guidance, and engineering best practices relevant to enterprise security environments. Qualifications - U.S. Citizenship with ability to obtain and maintain a DOE “L” clearance after start. - 3-5 years of experience in cybersecurity engineering, security operations, systems administration, network administration, cloud security, or related technical security roles. - Hands-on experience implementing, configuring, or supporting security tools, technical controls, secure configurations, and enterprise security technologies. - Working knowledge of Windows, Linux, networking, identity and access management, endpoint security, logging, vulnerability management, and common security architectures. - Experience applying security requirements, hardening standards, vulnerability remediation guidance, and configuration baselines across technical environments. - Ability to troubleshoot technical security issues involving systems, networks, applications, integrations, agents, logs, policies, and monitoring tools. - Familiarity with cybersecurity frameworks, standards, and best practices such as NIST, CIS Controls, DISA STIGs, ISO 27001, or organizational security baselines. - Strong documentation, communication, collaboration, and problem-solving skills.
Role Description The Security Specialist – Level III will lead enterprise AWS and hybrid cloud security for the USDA FPAC Cloud Platform. This role will: - Design and govern cloud security architecture. - Establish and enforce security controls. - Support compliance activities. - Lead security operations across AWS and hybrid environments. Qualifications - Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, Engineering, or related field; Master’s degree preferred. - Minimum 10 years of AWS security experience. - Must have one of the following certifications: - AWS Certified Security – Specialty - AWS Solutions Architect certification. - Expert-level knowledge of AWS security services and enterprise cloud security governance. - Demonstrated experience in cloud security architecture, zero-trust design, and zero-trust compliance leadership. - Experience supporting federal or enterprise compliance frameworks, including FISMA, NIST SP 800-53, and FedRAMP. - Experience with vulnerability management, incident response, audit support, and continuous monitoring. - Excellent written and verbal communication skills. - Ability to obtain and maintain required USDA suitability/public trust credentials; highly desirable candidate already has USDA clearance. Requirements - Current or prior experience supporting USDA, FPAC, or other federal civilian agency cloud environments. - Highly desirable: current or recent USDA/FPAC public trust or suitability clearance and active HSPD-12 PIV card, or prior adjudicated clearance that can be reactivated. - Preferred Certifications (Any One): - CISSP - CCSP Key Responsibilities - Design and govern enterprise AWS security architecture across cloud and hybrid environments. - Lead implementation of cloud security controls, logging, encryption, identity and access management, and network security. - Support and oversee FISMA, NIST SP 800-53, FedRAMP, and USDA security compliance requirements. - Lead continuous monitoring, vulnerability management, remediation tracking, and audit support. - Support ATO activities, security assessments, penetration testing, and incident response. - Implement and enforce zero-trust and secure-by-design principles across cloud and hybrid environments. - Provide security guidance to DevSecOps, platform, and operations teams. - Prepare and maintain required security documentation, reports, and compliance artifacts. Benefits - Competitive compensation and benefits packages including paid vacation, medical, dental, vision, matching 401(k) plan, tuition/training reimbursement, and Long & Short-Term Disability.
AI Security Specialist
Sourcing Trust, Lda | Catenon PartnerNa Sourcing Trust, comprometemo-nos a fornecer soluções tecnológicas inovadoras, fiáveis e personalizadas que capacitam as empresas a prosperar num panorama digital em rápida evolução. Foco na excelência, integridade e colaboração. Construímos parcerias duradouras através da compreensão das necessidades únicas de cada cliente. Oferta de suporte especializado em todas as fases. A nossa equipa dedica-se a promover um ambiente de trabalho positivo e inclusivo. Incentivamos o crescimento contínuo, a aprendizagem e o sucesso partilhado.
Role Description Estamos a recrutar um(a) AI Security Specialist para integrar um projeto internacional no setor da logística, com foco na segurança de soluções baseadas em Microsoft Copilot e ecossistema Azure/Microsoft 365. - A função envolve a proteção, monitorização e otimização de ambientes Copilot. - Garantir conformidade com boas práticas de segurança, Zero Trust e gestão de identidades. - Papel ativo na análise de ameaças emergentes em soluções de IA, como: - Prompt injection - Data poisoning - Tentativas de manipulação de modelos Qualifications - Licenciatura em Ciência da Computação, Cibersegurança, IT ou área relacionada. - Mestrado em Cibersegurança ou áreas similares é uma mais-valia. - Fluência em inglês. Requirements - Mínimo de 5 anos de experiência em Cibersegurança. - Pelo menos 3 anos de experiência com Microsoft 365 e Azure Security. - Sólidos conhecimentos em Microsoft Defender, Entra ID, Conditional Access e Zero Trust. - Experiência prática em modelação de ameaças e security testing. - Conhecimentos de PowerShell, Python ou C# (obrigatório). - Certificações em segurança (ex.: Microsoft Security, AZ-500, CISSP) são valorizadas. Company Description Na Sourcing Trust, comprometemo-nos a fornecer soluções tecnológicas inovadoras, fiáveis e personalizadas que capacitam as empresas a prosperar num panorama digital em rápida evolução. - Foco na excelência, integridade e colaboração. - Construímos parcerias duradouras através da compreensão das necessidades únicas de cada cliente. - Oferta de suporte especializado em todas as fases. - A nossa equipa dedica-se a promover um ambiente de trabalho positivo e inclusivo. - Incentivamos o crescimento contínuo, a aprendizagem e o sucesso partilhado.


