Security and Compliance Engineer
Security and Compliance Engineer at JumpCloud
Louisville, CO and Denver, CO and Remote
Overview:
JumpCloud is in search of a Security & Compliance Engineer. Security is a critical aspect of JumpCloud’s mission, ensuring our Directory-as-a-Service® product, leveraged by thousands of customers around the globe to implement their own secure access controls and device management, is hyper-secure and our workforce is diligent in the protection of our platform. We’re serious about protecting our infrastructure, operations, and most importantly, our customer’s trust in leveraging our platform everyday to control their environments.
As a key member of JumpCloud’s security team, you understand that building user trust is critical to our success. To do that, you must be passionate about information security, risk management, privacy and teaching our employees about how to maintain vigilance to protect our company and, by extension, our customers. You have the focus and organization to build on what we’ve already started and champion the adoption of sound security practices across all of JumpCloud’s business and engineering teams. In addition to understanding the SDLC of a cloud-based software company, you are equally interested in learning new regulatory and regulatory standards, their requirements, and assisting our company in maintaining compliance. Lastly, you jump at the chance to use your technical and compliance knowledge to interface with our customers by answering questions and directly engage to ensure confidence.
Responsibilities:
- Codify and raise awareness of JumpCloud’s internal security policies and practices while instituting a regular cadence of training.
- Institute programs to internally test our employees
- Build and maintain a formalized customer inquiries program; including the development of any customer facing documentation and responses regarding JumpCloud’s information security, compliance and regulatory programs.
- Manage and respond to all customer information security or compliance inquiries and audits.
- Be available as needed to discuss JumpCloud’s security program and practices with existing and potential customers.
- Spearhead and maintain various regulatory and compliance attestation and/or certification programs working directly with our auditors (including SOC 2).
- Work with JumpCloud’s engineering team to analyze and vet vendor’s security postures prior to any integrations within, or to, our platform.
- Collaborate with devops and IT counterparts to improve network and infrastructure security to better secure customer data
- Partner with our executive and security leadership to create policies and artifacts that support compliance programs
Requirements:
- 1-3 years of information security experience working in the capacity of a security and / or compliance role for a software company
- Experience working on audits to assist in achieving compliance with a company’s regulatory needs
- Experience managing customer information security, compliance and regulatory inquiries and audits.
- Experience interacting directly with customers to discuss sensitive security policies.
- Experience implementing, participating in, or conducting security assessments of compliance programs (e.g.: SOC 2, FedRAMP, ISO 27001, HIPAA, etc.).
- Ability to work independently and potentially remotely, communicating across multiple time zones if required
- Experience working with cross-functional teams and multiple stakeholders with varying levels of technical aptitude.
- Familiarity with generally-accepted security methods, concepts and techniques.
- Effective communication with great interpersonal and presentation skills, writing well to translate complex issues into simple language that people who are not experts can understand.
Preferred:
- Bachelor’s degree in computer science or equivalent educational or professional experience and/or qualifications.
- Thorough understanding of underlying AWS infrastructure components and best practices.
- CISA or CISSP
Please note JumpCloud is not accepting third party resumes at this time.
We’re an equal opportunity employer. All applicants will be considered for employment without attention to race, color, religion, sex, sexual orientation, gender identity, national origin, veteran or disability status.