Sr. Information Security Engineer

COMPANY: Canoe Intelligence
WEBSITE: https://canoeintelligence.com/
TITLE: Sr. Information Security Engineer
LOCATION: New York City (hybrid) or Fully Remote in the United States
SALARY: $100,000 - $140,000 plus bonus and equity (based on NYC, will be adjusted for geo)
The Role:
As an Information Security Engineer, you will be responsible for implementing and maintaining Canoe Intelligence's information security controls, procedures, and technology. You will work within the InfoSec team and collaborate with other departments to ensure the confidentiality, integrity, and availability of our systems and data. A successful candidate will have hands-on experience in cloud security, endpoint management, and security operations, with specific experience in securing AWS environments, SaaS products, and utilizing SIEM and vulnerability management tools.
What You'll Do:

• Implement and maintain information security policies, standards, and procedures.
• Collaborate with the DevOps team to implement, configure, and operate security controls within our AWS infrastructure and cloud SaaS products.
• Execute and maintain day-to-day security operations, including endpoint management using tools like CrowdStrike, JAMF, and Kaseya.
• Utilize and operate Wiz.io for cloud security posture management and continuous vulnerability scanning.
• Configure, monitor, and analyze security events in our SIEM tool, SumoLogic, for log analysis and threat detection.
• Support the Due Diligence Questionnaire process by contributing technical details and documentation for client and prospect inquiries.
• Serve as a security subject matter expert to internal teams, providing technical depth to articulate Canoe's security posture.
• Execute technical tasks necessary to maintain compliance with relevant industry regulations and standards (e.g., SOC 2, GDPR).
• Conduct technical security risk assessments and vulnerability assessments on systems and applications.
• Triage and respond to security incidents, assisting in incident response efforts.
• Partner with engineering and product teams to integrate security tools and practices into the development lifecycle (DevSecOps).
• Contribute to the creation and delivery of internal security awareness materials and training.

What We're Looking For:

• 5+ years of hands-on experience as an Information Security Engineer or in a similar technical security role.
• Demonstrated technical proficiency in AWS security best practices and securing cloud SaaS products.
• Direct, operational experience with endpoint management tools
• Hands-on experience with cloud security posture management (CSPM) tools
• Proficiency in configuring and utilizing SIEM tools for log analysis, alert tuning, and threat detection.
• Working knowledge of technical security controls required for compliance frameworks (e.g., SOC 2, GDPR).
• Experience in conducting technical vulnerability assessments and penetration test coordination.
• Proven ability to triage and respond effectively to security alerts and incidents.
• Strong collaboration, problem-solving, and written/verbal communication skills.
• Ability to manage competing priorities and thrive in a fast-paced, dynamic environment.

Preferred:

• Relevant technical security certifications (e.g., Security+, AWS Certified Security - Specialty, OSCP).
• Experience with scripting languages (e.g., Python, Bash) for security automation.
• Familiarity with DevSecOps practices and integrating security tooling into CI/CD pipelines.
• Prior experience in a FinTech or a fast-paced, product-centric environment.

What You'll Get:

• Medical, dental, vision benefits
• Flexible PTO
• 401(k)
• Flexible work from home policy
• Home office stipend
• Employee Assistance Program
• Gym/Wifi reimbursement
• Education assistance
• Parental Leave

Our Values:

• Client First -> Listen, and deliver client-centric solutions
• Be An Owner -> Take initiative, improve situations, drive positive outcomes
• Excellence -> Always set the highest standard for yourself and others
• Win Together -> 1 + 1 = 3

Who We Are:
Canoe is reimagining alternative investment data processes for hundreds of leading institutional investors, capital allocators, asset servicing firms and wealth managers. By combining industry expertise with the most sophisticated data capture technologies, Canoe's technology automates the highly-frustrating, time-consuming, and costly manual workflows related to alternative investment document and data management, extraction and delivery. With Canoe, clients can refocus capital and human resources on business performance and growth, increase efficiency, and gain deeper access to their data. Canoe's AI-driven platform was developed in 2013 for Portage Partners LLC, a private investment firm.
Canoe is an equal opportunity employer. All aspects of employment including the decision to hire, promote, discipline, or discharge, will be based on merit, competence, performance, and business needs. We do not discriminate on the basis of race, color, religion, marital status, age, national origin, ancestry, physical or mental disability, medical condition, pregnancy, genetic information, gender, sexual orientation, gender identity or expression, veteran status, or any other status protected under federal, state, or local law.