Chief Information Security Officer (CISO)
Leads end-to-end information security including cloud architecture, product security, compliance (SOC 2, ISO 27001, ITAR), and incident response for a high-growth industrial tech company. Requires 10+ years experience with 3+ in senior leadership and deep AWS/cloud expertise.
Responsibilities
- Define and execute Lumafield's multi-year information security strategy, aligning it with business objectives and customer trust requirements
- Own security architecture for Voyager, our cloud-based CT analysis platform, including data storage, access controls, API security, and multi-tenant isolation
- Embed security into the SDLC by partnering with Engineering and DevOps on threat modeling, secure code review, vulnerability management, and penetration testing
- Extend security best practices to Lumafield's hardware products and firmware, including the Neptune and Triton scanner families
- Lead and maintain compliance certifications (SOC 2 Type II, ISO 27001) and oversee ongoing adherence to ITAR/EAR requirements across our export-controlled facility and customer engagements
- Be an integral part of our enterprise sales process — handle security questionnaires, support complex sales cycles, and build trust with InfoSec teams at major manufacturers
- Build and continuously test Lumafield's incident response plan; own the enterprise risk register and manage third-party vendor risk
- Champion a security-first culture through training, clear policies, and acting as a pragmatic advisor to business stakeholders
Requirements
- 10+ years of progressive experience in information security, with at least 3 years in a senior leadership role (CISO, VP of Security, or equivalent)
- Demonstrated success building or significantly maturing a security program at a high-growth technology company
- Deep expertise in cloud security, particularly AWS, including IAM, network security, data encryption, and cloud-native security tooling
- Strong working knowledge of compliance frameworks: SOC 2, ISO 27001, CMMC, FEDRAMP, and ITAR/EAR
- Track record of leading incident response for significant security events
- Excellent communicator — able to translate complex security risk into clear business terms for the leadership team, customers, and cross-functional partners
- Experience managing security in enterprise sales cycles, including responding to customer security questionnaires and participating in procurement reviews
Nice-to-haves
- Background in industrial technology, hardware/IoT security, or manufacturing sectors
- Experience with medical device, aerospace, or defense industry compliance requirements
- Prior experience as a first or early CISO, comfortable operating with both strategic vision and hands-on execution
- Relevant certifications: CISSP, CISM, CCSP, or equivalent
Senior Privacy Engineer
Lead privacy engineering projects protecting user data across search, browser, and AI features. Own major privacy components, participate in audits, and mentor engineers using Go, Node.js, Python, or Perl.
Product Security Engineer
Product Security Engineer embedding into engineering workflows to conduct architecture reviews, threat modeling, and penetration testing coordination while serving as GCP security SME. Requires 5-7 years experience and strong GCP and Python skills.
Senior Product Security Engineer II
Senior security engineer focused on offensive security testing, penetration testing, and scaling security practices across Instacart's product suite. Requires 7+ years in security engineering or pentesting with experience in mobile, cloud, or AI security.
Staff Software Engineer, Security
Staff Security Software Engineer designing and building scalable security infrastructure, identity systems, and compliance automation platforms. Requires 8+ years software engineering experience with deep Kubernetes, Go/Rust, and cloud platform expertise.