About SpotOn
We're not just building restaurant tech; we're giving independent restaurants the tools to compete and win. From our award-winning point-of-sale to AI-powered profit tools, everything we do helps operators boost profit, work smarter, and keep their best people. And every solution is backed by real humans who actually give a sh*t about helping restaurants succeed.
- Named the #1 Restaurant POS by G2 (Fall 2025) based on ratings from real users
- Rated the top-rated point-of-sale (POS) for restaurants, bars, retail, and small businesses by Capterra users
- Awarded Great Places to Work and Built In's Best Workplaces for multiple years running
We move fast, care hard, and fight for independent restaurant operators to do what they love and love doing it. If you're looking to make an impact with heart and hustle, SpotOn is the place for you.
We are seeking a Trust & Safety Engineer to help protect our SaaS-based eCommerce platform by blending compliance engineering with security. In this role you will build, operate, and automate security controls while designing infrastructure that meets the highest standards of trust and role blends compliance engineering, security operations, and risk monitoring. You will be responsible for ensuring our systems meet regulatory and trust requirements (SOC 2, ISO 27001, PCI DSS, GDPR/CCPA) while also leading core security detection, monitoring, and incident response. We believe that trust is earned, and sustained, through transparency, accountability, and secure engineering. As a Trust, Safety & Security Operations Engineer, you'll help us ensure our business, systems, and people operate with integrity and compliance at every level.
What You'll Do
Incident Response & Security Operations
- Lead security incident response efforts, including containment, investigation, root cause analysis, and post-incident reviews. You must be able to organize complex information, initiate response workflows, and confidently lead calls with key stakeholders.
- Manage and monitor endpoint security tools (e.g., CrowdStrike). You must be familiar with modern security requirements for managed devices, including laptops, containerized resources, servers, and mobile devices.
- Operate and enhance security monitoring and alerting across cloud, SaaS, endpoint, and identity environments.
- Triage and investigate security alerts related to access misuse, policy violations, suspicious activity, and data exposure.
- Maintain and tune SIEM detections, alert thresholds, and response playbooks.
- Leverage AI tools and technologies to enhance Security Operations
Compliance Engineering & Automation
- Lead the technical requirements to enable automation capabilities to improve time-to-respond, evidence collection, and overall efficacy for visibility and reporting.
- Implement and automate compliance workflows by building integrations that support SOC 2, ISO 27001, PCI DSS, and privacy initiatives.
- Ensure evidence is collected automatically and control performance is continuously validated.
- Translate policies into technical solutions and annually maintain policies to ensure they remain current with evolving business and regulatory needs.
- Evaluate risk posture and technical requirements for third-party vendors to ensure alignment with internal trust and security standards.
- Identify areas for AI tools and technologies to enhance GRC functions
Data Protection & Risk Management
- Engineer and maintain data protection controls, including encryption, logging, access management, data retention, and proper storage and segregation of PII.
- Conduct periodic user access reviews and implement least-privilege access controls and privileged access workflows.
- Detect and investigate insider risk indicators and anomalous access patterns.
- Secure by Design: Partner with product engineering and IT teams to embed compliance-by-design principles into new systems and business processes.
What You'll Bring
Experience & Education
- 3-7 years of experience in security engineering, compliance automation, Security Operations, or GRC-aligned roles in a SaaS or eCommerce environment.
- Bachelor's degree in Computer Science, Cybersecurity, Information Systems, or related field (or equivalent experience).
- Certifications: CISSP is preferred but not required
Technical Skills
- Hands-on experience implementing and administering endpoint management & security technologies
- Understanding of compliance frameworks, including SOC 2, PCI DSS, GDPR, and CCPA.
- Hands-on experience securing cloud platforms and SaaS management tools.
- Proficiency in scripting (Python, PowerShell, Bash)
- Experience leveraging AI tools and technologies to create opportunities for optimization, automation, and intelligent use of data integrations.
- Experience administering a SIEM, alerting, and incident response workflows.
- Experience with compliance automation platforms (e.g., Drata)
- Background in risk scoring or control maturity frameworks.
Soft Skills
- Comfortable leading large calls with key stakeholders and explaining technical controls to non-technical audiences.
- A bias for action; you are a self-starter comfortable working autonomously.
- Possess intellectual curiosity at all times
- Desire to build and maintain relationships across the business, including both technical and non-technical teams
The base salary range listed will vary depending on location and experience.
Base salary range
$84,550 - $116,550 USD
We will never ask candidates to pay fees, purchase equipment, or share sensitive personal or financial information during the hiring process. All legitimate communication from our recruiting team will come from an official company email address (@). If something seems suspicious, please contact us at.
SpotOn is an equal employment opportunity employer. Qualified candidates are considered for employment without regard to race, religion, gender, gender identity, sexual orientation, national origin, age, military or veteran status, disability, or any other characteristic protected by applicable law.
SpotOn is an E-Verify company.
Required Experience:
IC