Level up your social media marketing strategy ✨ Schedule, plan, engage & grow 🌴
Senior Security Engineer
Location
United States
Posted
5 hours ago
Salary
$145K - $175K / year
Seniority
Senior
Job Description
Senior Security Engineer
Later
Role Description We're looking for a Senior Security Engineer to strengthen Later's company-wide security posture through hands-on engineering, thoughtful collaboration, and pragmatic standards. This role blends deep security expertise with strong software engineering skills, focusing on: - Application security - Cloud and infrastructure security - Secure development practices - Vulnerability management - Compliance enablement - Security improvements across corporate systems and business operations A core focus of this role is helping Later mature its security capabilities in support of SOC 2 and other compliance expectations through practical controls, automation, evidence-ready processes, and clear guidance that works across the company. What you'll be doing: - Company-Wide Security Strategy & Compliance - Assess and continuously improve Later's overall security posture across applications, infrastructure, cloud environments, corporate systems, vendor tooling, and business workflows. - Define and implement scalable security standards, best practices, and guardrails that support SOC 2 readiness through practical, automated, and auditable solutions. - Partner with Engineering, Infrastructure, IT, Product, Legal, People, Finance, and business leaders to align security priorities with company goals, risk reduction, and delivery timelines. - Translate SOC 2 and related compliance requirements into sustainable technical and operational controls, procedures, and evidence collection practices. - Identify security gaps across the company, prioritize remediation efforts, and help teams make pragmatic, risk-based decisions. - Support company-wide security awareness, secure operating practices, and adoption of security controls across business teams. - Technical Execution - Build and maintain internal security tools, automation, and services that support secure development, compliance workflows, vulnerability management, corporate security operations, and operational visibility. - Design and implement security controls within CI/CD pipelines, including secure build and deploy patterns, security scanning, dependency management, container scanning, and secret management. - Support application security efforts, including secure design reviews, threat modeling, code review guidance, API security, microservices security patterns, and remediation planning. - Improve cloud infrastructure and corporate systems security through hardening, monitoring, configuration review, Infrastructure-as-Code security scanning, access reviews, and secure operational patterns. - Collaborate with technical and business teams to identify vulnerabilities and control gaps, explain impact clearly, and drive effective remediation. - Strengthen security observability and response readiness through logging, alerting, detection engineering, incident response improvements, and company-wide security process maturity. - Collaboration & Enablement - Partner with teams across the company to identify, understand, and fix security issues in a collaborative, non-blocking way. - Provide pragmatic security guidance on designs, implementations, vendor tools, operational practices, and business workflows. - Communicate security risks, tradeoffs, and recommendations clearly across technical and non-technical audiences. - Embed security into development workflows, corporate systems, and company operating practices without slowing teams unnecessarily. - Support SOC 2 and related compliance efforts through automation, well-defined controls, reliable evidence practices, and cross-functional coordination. What success looks like: - Within the first 90 days, you've completed a security posture assessment, identified the highest-priority gaps, and have a remediation roadmap that's been reviewed and socialized with key stakeholders across Engineering, IT, and Leadership. - By 6 months, core SOC 2 controls are documented, automated where possible, and evidence collection is running reliably without manual heroics from any single team. - Security is embedded into Later's CI/CD pipelines, with scanning, secret management, and container security integrated and maintained as a standard part of the development lifecycle. - Teams across Engineering, IT, and the business have a clear point of contact for security questions, a shared understanding of the risk landscape, and security guidance that helps them move faster, not slower. - Later's security observability has materially improved: logging, alerting, and detection coverage are in place, and the company has a documented, practiced incident response process. Qualifications - 5-7+ years of experience as a Security Engineer or Software Engineer with a strong security focus. - Proven ability to build and operate production-quality software, automation, and internal tooling. - Strong understanding of application security, infrastructure security, cloud security, secure CI/CD practices, and corporate security controls. - Hands-on experience with vulnerability management, secure software development, threat modeling, remediation workflows, and operational security improvements. - Experience with security frameworks and standards such as OWASP, NIST, CIS Controls, SOC 2, and ISO 27001, and the ability to apply them in production and business environments. - Experience supporting SOC 2 compliance efforts through practical, automated, and auditable controls. - Familiarity with cloud security platforms such as AWS Security Hub, Azure Security Center, or GCP Security Command Center. - Experience with SIEM/SOAR tools, logging and monitoring platforms, detection workflows, and practical incident response processes. - Experience with Infrastructure-as-Code security scanning for tools such as Terraform or CloudFormation. - Ability to translate complex security concepts into clear, actionable guidance for technical and non-technical audiences. - Experience collaborating closely with engineering, IT, compliance, and business teams to improve security outcomes. - Familiarity with C#, modern backend systems, cloud-native architecture, and SaaS business tooling. How you work: - Driven by Impact: You deliver results that matter, prioritizing high-value work, meeting deadlines, and adapting quickly while keeping outcomes clear. - Strategic & Customer-Centric: You anticipate risks and opportunities, connect decisions to long-term growth, and build trust through proactive insights. - Curious & Growth-Oriented: You seek knowledge, ask sharp questions, and apply learnings fast, challenging the status quo with a mindset of improvement. - Collaborative & Resilient: You thrive in change by staying resourceful, solution-focused, and positive, removing roadblocks, sharing insights, and keeping morale high. - Accountable & Honest: You own your work, hold yourself and others to a high bar, and use transparent feedback to drive growth. - Emotionally Intelligent: You build trust through empathy and collaboration, foster inclusion, and inspire others with grit, optimism, and integrity. Our approach to compensation: We take a market-based & data-driven approach to compensation. We leverage data from trusted third-party compensation sources to help us understand the market value of a role based on function, level, geographic location, and scope. We evaluate compensation bi-annually, including performance and market-related factors. Our salaries are benchmarked against market Total Cash Compensation for the geographic location of our job posting. Compensation for some roles is structured as On Target Earnings (OTE = base + commission/variable) while for others it is structured as Salary only. To comply with local legislation and ensure transparency, we share salary ranges on all job postings. Skills, experience and other factors help determine the final salary we offer which may vary from the original range posted. Additionally, all permanent team members are eligible to participate in various benefits plans as part of their overall compensation package. Salary Range: $145,000 - $175,000 Where we work: We have offices in Boston, MA; Vancouver, BC; and Vancouver, WA. For select positions, we are open to hiring fully remote candidates. We post our positions in the location(s) where we are open to having the successful candidate be located. Diversity, inclusion, and accessibility: At Later, we are committed to fostering a culture rooted in an inclusion-first mindset at every level of the company, embracing the importance of hiring and building teams for culture add rather than culture fit. We openly build and maintain unbiased hiring, pay, and promotion practices to create a foundation for an equitable workplace, paving the way for systemic change. We are committed to creating a diverse environment and are proud to be an equal opportunity employer. All applications will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, national origin, disability, or age. Please let us know if you require any accommodations or support during the recruitment process.
Related Guides
Related Categories
Related Job Pages
More Security Engineer Jobs
• Plan and execute AI-assisted red team engagements across web applications, APIs, cloud workloads and infrastructure, and deliver prioritized technical reports and executive summaries. • Provide clear remediation guidance and validate fixes, prioritizing critical and high findings. • Configure, tune and maintain offensive tooling and develop automation playbooks that reduce manual triage and false positives. • Integrate recurring security checks into CI/CD pipelines and platform processes to enable continuous testing and attack-surface reduction. • Run remediation workshops and knowledge transfers, and produce reusable runbooks for product and platform teams. • Coordinate triage and handoff with SOC, IT Ops, product teams and central IT Security, and support governance and compliance mapping (OWASP, API Security Top 10, CVSS).
• Represent SpecterOps at industry conferences, webinars, meetups, and virtual events. And serve as a public-facing advocate for SpecterOps across online and offline communities, helping build awareness, trust, and engagement within the cybersecurity community. • Engage with the cybersecurity community through social media, forums, and online groups to promote best practices and thought leadership. • Manage and execute Community event sponsorships, with primary focus on the North America region. • Develop high-quality, technical content such as blogs, whitepapers, tutorials, and videos to educate users about BloodHound Community Edition, BloodHound Enterprise, other SpecterOps’ open-source tools and related security topics. • Create and deliver compelling presentations and workshops on attack path management, identity security, and other key areas of expertise. • Partner closely with the Community Manager to develop and execute community growth initiatives, ambassador programs, educator programs, content creator programs, and community engagement campaigns. • Stay current with trends and developments in cybersecurity to serve as a trusted expert. • Contribute to SpecterOps’ position as a leader in attack path management and enterprise security by sharing innovative ideas and solutions. • Uncover new use cases for our existing tools and potential new opportunities for us to develop solutions for existing customers and community members. • Serve as a technical expert on the marketing team and help inform other demand gen programs, product marketing campaigns and other initiatives as needed.
Principal OT Security Engineer
GuidePoint SecurityWe help organizations make smarter cybersecurity decisions that minimize risk.
• Lead and oversee OT security engineering engagements, including deployment and optimization of OT security tools, health-checks of existing OT security programs, driving configuration and architecture decisions in collaboration with clients and vendors, and leading OT security architecture assessments • Define and advance GuidePoint's OT service delivery methodology, setting technical standards and quality benchmarks for the broader OT practice • Author and review comprehensive services deliverables that are proficiently tailored to both technical and executive audiences, fully detailing technical execution, core deficiencies, business impact, and strategic remediation roadmaps • Serve as a subject matter expert (SME) and final technical escalation point for complex OT engagements across the practice • Perpetually strengthen and disseminate relevant skills, knowledge, and capabilities to keep GuidePoint and its clients at the forefront of the OT security industry • Cultivate and expand senior client relationships, acting as a trusted advisor to client leadership and representing GuidePoint at the highest levels • Drive cross-functional collaboration to mature and differentiate GuidePoint's OT service offerings in alignment with the SANS Five ICS Critical Controls and other leading frameworks • Contribute to business development through thought leadership, conference presentations, whitepaper authorship, and active participation in pre-sales and proposal activities • Embraces emerging technologies, including AI tools, to work smarter, solve problems, and drive better business outcomes.
Junior Engineer – Security
CBTSCBTS partners with businesses to deliver innovative technology solutions, including application services, cloud solutions, consulting, digital workplace solutio
Role Description As a Security Automation Engineer I, you will contribute to the growth and maturity of our Security Operations team by developing and maintaining automation playbooks and workflows within our SOAR and XDR platforms. You will be responsible for translating analyst-driven investigation workflows into automation that accelerates triage, enrichment, containment, and remediation of issues across the SOC. - A strong background in security operations is essential for this role. - Understanding what happens before and after an alert is received is crucial. - Collaborate closely with SOC analysts and senior engineers to reduce manual workload, improve response consistency, and support a more resilient security operation. Qualifications - 2+ years of experience as a SOC analyst, with senior analyst experience preferred. - Hands-on familiarity with alert triage, threat investigation, and escalation decision-making. - 1-2 years of experience working with a SOAR platform, with Palo Alto XSIAM or XSOAR experience strongly preferred. - Four-year college degree resulting in a bachelor's degree, or equivalent practical experience. - One or more of the following certifications: Palo Alto Cortex, CompTIA Security+, CompTIA CySA+, GIAC GSEC, EC-Council CEH, and similar. Requirements - Solid understanding of cybersecurity principles, common attack techniques, and SOC operational workflows. - Experience with SIEM, SOAR, EDR/XDR, threat intelligence, endpoint protection, and email security technologies. - Familiarity with SOAR playbook development, with Palo Alto XSIAM and/or XSOAR experience being strongly preferred. - Understanding of common detection use cases including phishing, endpoint compromise, identity threats, and network anomalies. - Proficiency in Python for scripting and automation tasks. - Comfortable working with REST APIs, Regex, and JSON to build and troubleshoot platform integrations. - Familiarity with Windows, MacOS, and Linux environments. Skills - Develop, test, and maintain automated playbooks and integrations across Palo Alto XSOAR and Cortex XSIAM. - Collaborate with SOC analysts to identify manual, repetitive workflows and translate them into reliable automation. - Experience integrating security tools and platforms to support cohesive, automated response workflows. - Strong analytical skills to evaluate playbook performance, identify logic gaps, and iterate based on analyst feedback and operational data. - Effective problem-solving to troubleshoot integration and automation failures. - Clear verbal and written communication skills, with the ability to document playbook logic and contribute to design discussions across distributed teams. Abilities - Ability to work independently, manage time effectively, and stay productive in a remote environment. - Collaborative team player capable of contributing to technical conversations and troubleshooting sessions. - High attention to detail to ensure automation logic performs accurately under varied conditions. - Commitment to continuous learning and staying current with evolving threats, detection techniques, and automation capabilities. - Ability to adapt playbook logic as the threat landscape and tool stack change over time. Supervisory Responsibilities - No Supervisory Responsibility.



