Own, develop, and maintain the company security policy framework, ensuring policies are current, practical, and aligned with compliance requirements (SOC 2, ISO 27001, etc.).
Develop and maintain security playbooks, incident response procedures, and standard operating procedures across all security domains.
Own Outset’s internal IT security program—including assessment, administration, and implementation of controls across corporate systems, endpoints, and SaaS tooling.
Own the customer security questionnaire process: review, respond to, and track all inbound security assessments from prospects and customers.
Assess and triage reported security vulnerabilities, prioritizing based on risk and directly implementing fixes across production software and infrastructure using hands-on (AI-assisted) coding skills.
Lead investigations into security alerts and incidents; own the end-to-end response and post-incident review process.
Design and implement security controls across cloud infrastructure (AWS), corporate systems, and endpoints.
Conduct internal security reviews and threat modeling for new and existing products and features.
Partner with engineering to embed secure development practices into CI/CD workflows and the SDLC.
Manage the penetration testing program—scoping engagements, coordinating external vendors, and driving remediation of findings.
Build and maintain detection and response pipelines for cloud and application environments; manage SIEM tooling and log analytics.
Support SOC 2 and other compliance initiatives through technical controls, policy documentation, and audit evidence collection.
Manage third-party risk assessments and vendor security reviews.

Requirements

6+ years of experience in security engineering, DevSecOps, information security, or a related role.
Demonstrated experience authoring and maintaining security policies, standards, and playbooks.
Hands-on familiarity with cloud environments (AWS) and modern SaaS tooling stacks.
Strong understanding of identity management, endpoint protection, and network security fundamentals.
Proficiency in scripting or automation (Python, Go, or similar); comfort using AI-assisted coding tools for production changes.
Experience managing customer-facing security questionnaires and security review processes.
Experience running or coordinating penetration testing engagements with external vendors.
Experience with SIEM, detection engineering, or log analytics platforms.
Exposure to compliance frameworks (SOC 2, ISO 27001) and the technical controls that underpin them.
Excellent communication skills—able to translate complex security concepts for non-technical stakeholders.
Startup experience or demonstrated comfort operating in fast-moving, ambiguous environments.
Familiarity with securing AI/ML pipelines, data infrastructure, or internal developer tooling is a plus.

Benefits

Daily collaboration with founders, shaping the core product vision.
Exposure to and collaboration with design and research leaders at top global brands.
Competitive cash and equity compensation. Actual compensation packages are based on various factors unique to each candidate, including skill set, depth of experience, and certifications.

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools

security policy developmentincident response proceduressecurity controls implementationvulnerability assessmentpenetration testingscriptingautomationcloud securitySIEMlog analytics

Soft Skills

communication skillsleadershipproblem-solvingcollaborationadaptability

Certifications

SOC 2ISO 27001