Lead the organization through its first SOC 2 Type II audit: conduct a readiness assessment, identify control gaps, implement remediation plans, coordinate with external auditors, and deliver a clean report
Define and maintain the full set of SOC 2 policies, procedures, and technical controls across the Trust Services Criteria (security, availability, confidentiality, processing integrity, privacy)
Build and operationalize continuous compliance monitoring so that evidence collection, access reviews, and control testing become part of everyday engineering workflows rather than a one-time effort
Define and execute the longer-term strategic vision for site reliability and security across the organization
Establish and enforce SLAs, SLOs, and SLIs for critical services; drive accountability for uptime and incident response
Own the incident management lifecycle, including on-call rotations, post-incident reviews, and continuous improvement of response processes
Architect and oversee cloud infrastructure for high availability, disaster recovery, and horizontal scalability
Harden existing Infrastructure as Code pipelines with security scanning, policy-as-code guardrails, and CI/CD security gates
Evaluate and introduce monitoring, observability, and security tooling to improve detection, response, and prevention capabilities
Establish and maintain security policies, access controls, and data protection standards
Collaborate with cross-functional teams to balance reliability and security investments against feature delivery

Requirements

Direct, hands-on experience leading an organization through a SOC 2 Type II audit
Deep expertise in Azure, including networking, identity (Entra ID), and security services
Strong experience with Terraform for Infrastructure as Code, including module design and state management
Proven track record designing and operating highly available, distributed systems in production
Hands-on experience with Kubernetes, Docker, and modern CI/CD tooling and DevOps practices
Strong understanding of application and network security principles, including authentication, authorization, encryption, and zero-trust architectures
Experience implementing and managing observability stacks (e.g., Datadog, Prometheus, Grafana, ELK)
Excellent written and verbal communication skills with both technical and non-technical stakeholders
Experience with incident management platforms and processes, including blameless post-mortems
Comfortable operating as a hands-on individual contributor while also setting strategy and influencing engineering culture

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools

SOC 2 Type II auditAzureTerraformKubernetesDockerCI/CDapplication securitynetwork securityobservability stacksInfrastructure as Code

Soft Skills

communication skillscollaborationincident managementstrategic visionaccountabilitycontinuous improvementcross-functional teamworkleadershipinfluencing engineering culturehands-on contributor