Information Security Engineer
Share
Job Location:
Lexington, KY - USA
Monthly Salary:
Not Disclosed
Posted on:
11 hours ago
Vacancies:
1 Vacancy
Department:
Job Summary
Information Security Engineer
AboutBitwerx
Bitwerx Inc. is a team of industry experts focused on designing building and supporting innovative software solutions thatleveragedata to improvethe customerjourney. Our experience spans many industries with a focus on veterinary and our partners range from startups trying to bring a new idea to market to Fortune 500 companies looking to become more agile.
About the role
We are seeking anInformation Security Engineer to serve as the primary owner ofBitwerxsInformation Security governance policies and compliance framework leading the design implementation and ongoing maturation of the security program with a core focus on SOC 2 Type 2 and broader U.S. and international compliance requirements.
This is a hands-onindividual contributor role. You willbe responsible forbuilding practical scalable security controls; refining policies and standards; operationalizing compliance requirements; and partnering closely with our Platform Deliveryand Software Engineering teams to embed security into day-to-day operations.
This role may be based in Lexington KY (hybrid) or performed remotely from select U.S. locations.
WhatYoullDo
Security & Compliance Program Ownership
- Ownend-to-end SOC 2 Type 2 execution
- Designrefine andvalidatesecurity controls
- Prepare audit evidence and remediation plans
Policy Risk and Governance
- Author andmaintainsecurity policies and standards
- Maintain the risk register and treatment plans
- Manage vendor risk workflows
Cloud and Platform Security
- Implement Azure security guardrails
- Enforce IAM RBAC MFA and conditional access
- Maintain the risk register and treatment plans
- Secure CI/CD pipelines and secrets
Monitoring and Incident Response
- Implement centralized logging and alerting
- Maintain Incident Response playbooks and lead response efforts
- Perform root cause analysis
- Manage tabletop exercises using real-world examples for team training
Audit and Automation
- Automate compliance evidence collection
- Ensure controls are sustainable year over year
WhatYoullBring
- 3 years in security and/or compliance engineering
- SOC 2 Type 2 hands-on experience
- Experience implementing international security and privacy compliance controls (e.g. GDPR OSFI and similar regulatory frameworks)
- Strong understanding of security architecture and risk management for data-centric organizations including large-scale data storage processing access controls and data lifecycle governance
- Azure cloud security experience
- Strong written and technical communication skills
- Proactive collaborative team player who thrives in a fast paced small company environment
- Experience withDratais preferred
What Success Looks Like
- Predictable low-stress audits
- Embedded security controls
- Automated evidence collection
Why This Role Matters
Security and compliance are foundational toBitwerxsgrowthreputationand customer trust.
What We Offer
- 100% company-paid health vision and dental insurance
- 401(k) with company match
- Robust PTO policy
- A collaborative and inclusive work culture
- Opportunities for professional growth and development
- The chance to make a significant impact on a growing company
Bitwerx Inc. is an Equal Opportunity Employer. Your application will be considered regardless of race color national origin age disability gender sexual orientation gender identity or expression marital status or veteran status. You must be legally authorized to work in the U.S.
Required Experience:
Manager
