Security Engineer

Responsibilities

SOC2 Certification Maintenance (Primary Focus):

• Analyze the impact of the merger on current SOC2 certification scope
• Identify infrastructure, process, and control changes related to our integration
• Adapt and update existing SOC2 controls to reflect the new environment
• Document all system, process, and policy changes within the SOC2 framework
• Collaborate with integration Product teams to align security and compliance practices
• Organize evidence necessary for SOC2 Type 2 audit
• Identify and address compliance gaps discovered during transition
• Implement or adapt automated controls to maintain continuous compliance
• Train teams on new security and compliance procedures
• Prepare compliance reports and presentations for stakeholders
• Coordinate with IT, DevOps, and Engineering teams for control implementation

Profile Requirements:

• Minimum 5 years of experience in information security and compliance
• Expertise in SOC2 frameworks (Trust Services Criteria) and compliance audits
• Hands-on experience in preparing and maintaining SOC2 Type 1 and Type 2 certifications
• Deep understanding of security controls (access control, change management, monitoring, incident response)
• Experience in documentation and evidence collection for external audits
• Knowledge of complementary security standards (ISO 27001, NIST, CIS Controls)
• Experience with GRC tools (ServiceNow GRC, Vanta, Drata, Secureframe)
• Skills in risk assessment and impact analysis
• Ability to work with external auditors and respond to compliance questionnaires
• Excellent documentation and communication skills
• Ability to explain security concepts to non-technical audiences
• Proficiency in Engslish (oral and written)