Lead Security Engineer

Remote Full-time
This is a fully remote job; the offer is available from: Estonia, Ukraine, Bulgaria, Poland, Romania, Palestine, Georgia (USA)

As the first dedicated security hire at RemoFirst, you will be the architect of our trust layer. We are a fast-growing Series A company handling sensitive data, and we need a Lead Security Engineer who thrives at the intersection of deep technical implementation and strategic compliance. You won’t just be writing policies; you’ll be configuring our Auth0 tenants, hardening our AWS infrastructure, and ensuring our AI/LLM deployments are secure. You will own our SOC 2 and ISO 27001 programs end to end, avoiding "check-the-box" compliance and instead moving us toward a culture of continuous security. We run payroll in 185 countries, collect tons of PII, run KYC checks and combat both internal and external fraud. Compliance and Security are not an afterthought for our product, but an essential part of establishing trust with our clients.

Core Responsibilities:
1. Identity & Access Management (The Core)
• Customer Identity: Own the architecture and security of our Auth0 implementation for client-facing applications. You will be fine-tuning our internal authentication service to support SCIM provisioning and help set up the OIDC federation with our enterprise clients’ IdPs.
• Internal Identity: Manage and automate our Okta environment, ensuring seamless SSO, lifecycle management (onboarding/offboarding), and hardware-based MFA. Expect a fairly complex internal RBAC and the need to actually speak with the other functions within the organization to understand their ways of working and translate them into security controls.
• Cloud Identity: Enforce "Least Privilege" across our AWS ecosystem, managing complex AWS IAM policies and Service Control Policies (SCPs).
2. Security Engineering & Pentesting
• Offensive Security: Conduct regular internal pentests and vulnerability scans against our Python/Django and Java/Spring Boot services, as well as coordinate with 3LOD pen testers.
• Secure SDLC: Work alongside devs to review code (e.g. implementation of the security library you’ve built), secure our Postgres databases, help engineers with threat modelling and harden our Kafka message streams. You will be the owner of our SAST/DAST and detect license misuse, outdated libraries, and help shape a non-invasive secure SDLC that developers love by building paved roads.
• AI Security: Define the guardrails for our AI initiatives, ensuring data privacy in LLM prompts and securing our model pipeline.
3. Governance, Risk, and Compliance (GRC)
• The Audit Lead: Take the wheel for our SOC 2 Type II and ISO 27001 certifications. You will be a key person in maintaining our internal risk register as well as helping our Front-line teams with inbound security questionnaires from large clients.
• Automation: Utilize compliance automation tools to ensure we stay "audit-ready" every single day, not just once a year. You will own our “Trust Center” in Thoropass (our compliance platform).
• Policy as Code: Help draft and implement pragmatic security policies that reflect how a modern startup actually works. We are talking about data residency, logging, audit trails, dealing with non-repudiation, etc.
Technical Requirements:
• Familiarity with our core tech stack: Python/Java with Django, FastAPI & SpringBoot is at the heart of our services. We are using Kafka & RabbitMQ for interservice communications and PostgreSQL with some MongoDB on our persistence layer.
• Strong knowledge of Cloud Infrastructure: We use AWS with EKS, RDS as well as the traditional IAM, S3, etc.
• Internal & User-facing IAM: Comfortable with IAM - some experience with Okta and/or Auth0. Good understanding of protocols like SAML, OIDC, understanding of API-based security.
• Compliance: Familiarity with the SOC2 and ISO27001 audit cycle, comfortable with working with Risk & Compliance teams, both internal and external.
Who You Are:
• The Builder: You have 5+ years of experience in security engineering. You prefer an IDE to a spreadsheet.
• The Auditor-Translator: You can explain complex ISO 27001 requirements to a software engineer in a way that makes sense to them.
• The Pragmatist: You understand that "No" is not always the answer. You find ways to enable the business to move fast, safely.
• Bonus points - An AI Enthusiast: You are keeping up with the OWASP Top 10 for LLMs and understand the risks of prompt injection and data leakage.

This offer from "Remofirst" has been enriched by Jobgether.com and got a 75% flex score.
