The Role

Were seeking a Senior Security Engineer to drive security engineering and compliance initiatives across our app. In this role youll partner with engineering teams to design implement and automate security controls that meet rigorous compliance standards (SOC 2 GDPR and CCPA). Youll own security architecture decisions vulnerability management and lead efforts to ensure that we stay ahead of evolving threats.

If youre passionate about scalable security engineering proactive compliance and empowering developers to ship secure products we want to hear from you.

Location: Candidates must permanently and currently reside in the United States. Employees are not required to work in the office or relocate to Lincoln Nebraska for this opportunity but occasional travel to HQ will be required.

Working At CompanyCam

Our engineering team is remotefirst spanning every time zone in the United States. We welcome people from all backgrounds and really dont care whether or not you have a CS degree or even a high school diploma. All that matters is that youre not an a**hole and youre good at what you do.

At CompanyCam were driven to produce work with meaningful outcomes. That means not just dumping features and improvements but being able to reflect and learn from our outputs. Were actively working to center our work on continuous discovery habits (CDH) as outlined by Teresa Torres.

Okay thats how we identify work to do but how do we actually work We take a flexible approach pulling from Agile Sprints Kanban and even Shape Up. Rather than being overly prescriptive we provide guardrails and just enough constraints to keep teams moving. Each team is expected to collaborate iterate and refine their best practices to produce highquality work.

Our teams are made up of a product manager a product designer a QA engineer a senior developer and an appropriate number of engineers for the scope of your team. We also believe in intentional downtime. After delivering projects we carve out explicit time for teams to recoup explore selfdirected work and focus on what matters to themwhether thats learning new skills tackling pet projects or finally fixing that bug thats been nagging you.

We protect our engineers time treat them like adults and trust them to get their work done. Were also big on not overworking people. Put in your eight hours of focused quality work and then TURN. SLACK. OFF.No nights and weekends.

What Youll Do

• Create or contribute to tooling that supports secure code delivery and infrastructure as code validation
• Design and enforce access control mechanisms aligned with least privilege and segregation of duties across infrastructure applications and data layers
• Provide guidance on security best practices for product platform and infrastructure teams to align development with compliance requirements
• Partner with product and engineering to ensure appropriate handling of sensitive data including encryption retention and secure deletion policies
• Build automated playbooks for security incident response and partner with teams on realworld incident handling
• Conduct proactive threat detection and response activities including investigation and forensics as needed
• Maintain visibility into thirdparty and supply chain risks through vendor assessments and open source review
• Report on vulnerability trends and remediation metrics across environments
• Lead compliancerelated training initiatives ensuring teams understand security policies and regulatory requirements
• Contribute to security education for engineers through documentation secure development guidance and internal training.

What Youll Bring

• 5 years of handson experience in a security engineering or infrastructure security role
• Strong experience with cloudnative platforms (AWS preferred)
• Handson with CI/CD infrastructure as code and security automation
• Familiarity with compliance frameworks (SOC 2 ISO 27001 and data privacy regulations (GDPR CCPA)
• Experience with pen testing red teaming or offensive security methods
• Proficiency in web application security (preferably Ruby on Rails Django or Express)
• Scripting in Ruby and Bash preferred
• Ability to balance security risks with product and engineering goals
• Clear confident communication across both technical and nontechnical teams
• Comfortable navigating ambiguity and working in fastmoving environments
• A continuous growthmindset with a focus on learning embracing challenges and continuously improving.
• A knack for creativity and innovation bringing fresh ideas to the table and solving complex problems.

Benefits & Compensation

This is a salaried position at CompanyCam. Our starting salary is $130000 $170000 per year and is based on experience. We also offer meaningful equity and other benefits.

We pride ourselves on celebrating everyone. CompanyCam is an equalopportunity employer actively working on creating an inclusive work environment where everyone can thrive. Are you reading this and wondering if you meet every requirement Studies show that workplace minorities such as women and people of color are less likely than other applicants to apply for a job when they dont meet every single requirement. Even if your experience doesnt perfectly align we encourage you to apply. Were interested in hiring passionate hardworking peoplenot checking boxes.

For any accommodations or adjustments to complete the online application or to participate in the interview process please email and well respond to your email promptly. Do not include any medical or health information in your email.