Leads Blue Team in information protection, incident detection/response, and security services. Oversees vulnerability management, threat hunting, and cloud security in AWS environments. Requires 5+ years security engineering experience and technical leadership of remote teams.
Salary not listed
Remote5+ YOESecurity Engineering
About the role
What You'll Do
Guide and coach Olo’s Blue Team
Guide and coach on Information Protection, Incident Detection and Response and Service Delivery.
Provide strategic and technical oversight to the team and the program.
Technically lead a team of security engineers and analysts who hunt, detect, and respond to internal and external threats.
Collaborate with customers and partners to strengthen their security posture.
Drive ongoing optimizations by implementing new technologies, replacing technologies, addressing evolving threats, scaling practices and automating security activities.
Keep team member and customers data safe by identifying and mitigating vulnerabilities and risks by providing actionable guidance to product teams.
Information Protection
Lead Olo’s Information Protection program including the selection, testing, implementation and maintenance of security tools and services, security awareness, service provider management and the ongoing testing of those controls.
Oversee Vulnerability Management program including vulnerability assessments, risk scoring and vulnerability resolution.
Oversee Threat Hunting program to detect and mitigate advanced threats.
Manage non-event driven security reviews, including concept reviews, design reviews, patching, firewall rules and system configuration checks.
Apply Web application and API security principles and techniques, such as zero trust, RBAC, authentication, authorization, auditing, rate limiting, challenges, etc., to protect our cloud-based services from unauthorized access and abuse.
Incident Detection and Response
Oversee Incident Detection and Response program including ownership of incident response processes, tools and services and the ongoing continuous improvement of those controls.
Coordinate the detection and response to attacks through all incident phases.
Ensure incident reports are accurate, detailed and relevant.
Monitor, detect, and remediate misconfigurations and security risks across our cloud environments.
Participate in a 24/7 on-call rotation.
Security Services
Oversee Security Services program including security support requests, risk assessments, vendor assessments, PCI and SOC audit support and service provider management.
What We'll Expect from You
5+ years of Security Engineering, Security Operations or Security Architecture experience.
CISSP, GCIH or similar certification preferred.
Experience acting as technical lead to distributed teams consisting largely of remote engineers.
Experience complying with PCI-DSS and other compliance and regulatory standards.
Experience with attacker tactics, techniques and procedures.
Knowledge of information technology, evolving threats, attack patterns, incident response and cyber security standards.
Experience developing and leading incident response, remediation and mitigation activities, and providing status updates and reports.
Experience analyzing security events to discern events that qualify as a legitimate security incident as opposed to non-incidents (ie. incident investigation, implementing countermeasures, and conducting incident response).
Deep understanding of operating system, networking and application concepts.
Experience hardening Windows, MacOS, Linux Containers and Kubernetes.
Familiarity with AWS security best practices and Infrastructure-as-Code.
Experience deploying and maintaining security technologies. (e.g. Access Proxies, API Gateway, Anti-Malware, Application Control, Cloud Security Posture, Data Leak Prevention, Data Mapping, Endpoint Detection & Response, Intrusion Detection System, File Integrity Monitoring, Firewalls, Mobile Device Management, Multi Factor Authentication, SIEM, Static Inspection, Vulnerability Assessment, Web Proxies, WAF and Zero Trust).
Adept at working with internal Product & Engineering, Legal, People & Culture, Finance and GTM teams and external partners, auditors and customers.
Ability to work during critical incidents or to support coverage requirements.
Senior Staff Security Engineer owning the roadmap for an AI-driven vulnerability scanning, triage, and automated remediation platform. Requires 8+ years in security engineering with deep cloud/container expertise, offensive security experience, and proficiency in Python/Go/Rust.
200k – 290k/yr
Remote8+ YOESecurity Engineering
Staff Software Engineer
PlaidNew York, NY +2
Staff Software Engineer building and leading development of Plaid's core security infrastructure including IAM, key management, encryption, and access control systems. Requires experience with scalable secure systems architecture plus technical leadership.
222k – 328k/yr
Hybrid7+ YOESecurity Engineering
Staff+ Application Security Engineer
AnthropicSan Francisco, CA +2
Staff Application Security Engineer focused on M&A due diligence and secure integration of acquired codebases and systems at Anthropic. Lead security assessments, risk readouts, post-close remediation and automation using Claude, while contributing to core AppSec work. Requires 7+ years AppSec experience, rapid codebase assessment skills, and coding ability.
320k – 485k/yr
Hybrid7+ YOESecurity Engineering
Staff Security Risk & Compliance Program Manager
ConfluentTexas
Own and evolve Confluent's internal access management program with focus on machine/workload identity, S2S auth, non-human identities, and AI agent controls. Set the Access Management Standard, own metrics/reporting/OKRs, and drive governance, risk reduction, and cross-functional execution for least-privilege outcomes.
222k – 261k/yr
Remote8+ YOESecurity Engineering
Senior/Staff Infrastructure Security Engineer
AbridgeSan Francisco, CA +1
Senior/Staff Infrastructure Security Engineer building self-service security platforms, automating DevSecOps workflows, and designing high-scale security data pipelines and IaC guardrails in a greenfield cloud-native environment at an AI healthcare company. Requires 8+ years software engineering experience with deep cloud and IaC expertise.