Cloud Security & Compliance Engineer
Pittsburgh, PA - USA
Job Summary
Mine Vision Systems is a mining technology company building the decision-making platform for underground mining. We introduce high-fidelity data into the mining workflow that has simply never existed before, enabling operators to move from assumptions to evidence-based decisions. Our digital infrastructure is designed to map, monitor, and manage the underground mining environment with confidence, creating a persistent, data-rich foundation for operational and strategic decision-making. Since the launch of our flagship product, FaceCapture, in late 2023, adoption has accelerated rapidly as customers realize the value of truly understanding their underground operations.
We focus on underground mining of critical minerals and precious metals, where small improvements in accuracy and insight drive outsized returns. Our technology delivers millions of dollars in annual value by minimizing overbreak, improving ore calls, enhancing resource models, and enabling a growing set of high-impact applications across the mine lifecycle. By transforming raw underground data into actionable intelligence, Mine Vision Systems empowers mining teams to operate more efficiently, more predictably, and with greater confidence than ever before.
Role Summary
We are looking for a senior Cloud Security & Compliance Engineer to own MVS's AWS controls and the compliance program that underwrites our cloud product. You will be the long-term owner of two intertwined workstreams: the AWS infrastructure that runs our cloud platform (Organizations, IAM Identity Center, KMS, networking, S3 hardening, backups) and the compliance posture our customers expect: SOC 2 Type 2 and ISO 27001, with growing scrutiny on data sovereignty as we expand internationally. Until you land, this work is being done best-effort by the engineering team; your arrival is what lets it become a real, audit-ready program. This role is platform-heavy, security-first, and partner-oriented; it prioritizes hands-on AWS depth, real audit and controls experience, and the judgment to know when to invest in foundation versus when to ship. The right person treats security as something that makes the product easier to sell, not harder to build, and is the calm voice in incident response, not the loud one.
Key Responsibilities
- AWS infrastructure ownership: Own MVS's AWS account structure, IAM Identity Center, KMS (per-tenant encryption), networking, S3 hardening, backups in a separate account, and the AWS Organizations / SCP baseline; partner with the engineering team through the cloud MVP and own it long-term.
- SOC 2 Type 2 program: Run MVS through its first SOC 2 Type 2: readiness assessment, control design, evidence collection, observation period, auditor engagement, and report delivery. Make the controls real, not theater.
- ISO 27001 and adjacent frameworks: Plan and execute ISO 27001 (and 27017 / 27018) after SOC 2 lands; layer in GDPR-style privacy controls as international customers require them.
- Identity and access: Run IAM Identity Center as the front door to AWS: no long-lived keys, JIT admin elevation, hardware MFA for privileged users, quarterly access reviews.
- Detection and response: Centralize CloudTrail, GuardDuty, Security Hub, and AWS Config; tune alerts so they mean something; own the incident-response playbook and exercise it.
- Data protection and tenant isolation: Lock down early choices (per-tenant KMS keys, S3 Object Lock for scan data, signed RTO/RPO targets) and own the multi-tenant isolation pattern through audit. Plan BYOK (customer-managed KMS) for the enterprise mining customers who will eventually ask.
- Compliance partnership across the company: Work with Finance, Sales, and Customer Success on customer-facing security artifacts: trust page, DPA, sub-processor list, breach-notification SLAs, and customer security reviews.
- Pipeline security (partner with Platform Engineering): Define the security controls embedded in the CI/CD pipeline (secret scanning, dependency scanning, SBOM, license compliance, signed artifacts) and audit that the evidence holds up under SOC 2 / ISO scrutiny. The Platform Engineers implement; you set the spec and review.
- Vendor and risk management: Own AWS Support tier engagement, third-party risk reviews, annual pentest cycles, and the budget for compliance tooling and external auditors.
Qualifications
- 5 years of hands-on AWS infrastructure experience, not just talk and diagrams; you have actually run AWS Organizations, IAM Identity Center, KMS, CloudTrail, GuardDuty, S3 hardening, and IaC (Terraform or equivalent) in production.
- Direct experience taking a company through SOC 2 Type 2 or ISO 27001 readiness, evidence collection, and the auditor cycle, ideally with one or more clean reports already under your belt.
- Strong understanding of multi-tenant isolation patterns and their trade-offs (DB-per-tenant / schema-per-tenant / row-level), and the audit implications of each.
- Working knowledge of GDPR / international privacy frameworks and what cross-border transfer actually requires in practice.
- Comfortable scripting (Python or Bash) and reading code in the languages our team writes (Python, C), so you can audit what's deployed, not just what's documented.
- Strong written communication for both engineers (control specs, runbooks) and external auditors/customer security reviewers, and the judgment to tailor each.
- Bias toward controls engineers can live with: paved road, not roadblock.
Desirable
- Hands-on with AWS Outposts, sovereign-cloud patterns, or regulated-data sovereignty work (Indigenous data, financial reporting integrity, sector-specific controls).
- Background in a regulated industry (mining, financial services, healthcare, defense) where compliance is a customer requirement, not a checkbox.
- Kubernetes security experience: cluster hardening, RBAC, network policies, and container image scanning. Certified Kubernetes Security Specialist (CKS) a plus.
- AWS Certified Security Specialty (or equivalent demonstrated AWS security depth).
- Familiarity with SBOMs, signed-artifact pipelines, and modern supply-chain security.
- Working understanding of AI-assisted development workflows; able to use AI tooling productively in your own day-to-day.
What Success Looks Like
- SOC 2 Type 2 lands without drama. The first report ships on schedule; the second comes routinely.
- AWS posture is real, not aspirational. Tenant isolation decided and enforced; KMS per-tenant in place; CloudTrail and detection actually monitored; root accounts protected.
- Engineers feel safer, not slower. Controls are the paved road; the team reaches for the secure way because it's the easy way.
- Deals are never blocked on security. A customer's security review is a 30-minute conversation, not a six-week fire drill.
- You're the calm voice in incident response. When something happens, you're already a step ahead: playbooks run, evidence preserved, blast radius known, communication ready.
Benefits
- We are a fast-paced and growing company with real robotic hardware in the field around the world, generating actual revenue
- Competitive compensation and full benefits: medical, dental, vision, disability, life insurance, 401(k) with match
- Uncounted PTO policy and flexible hybrid work model
- Small fast-moving team with hands-on work and immediate impact
Required Experience: Manager
About Company
Maximize efficiency and safety in mining operations with real-time 3D mapping technology. Revolutionize blast planning, ore characterization, and geotechnical decisions with Mine Vision Systems' FaceCapture.