About Copia
Copia Automation builds the version control and change management platform for industrial automation. Our customers are in oil & gas, manufacturing, and critical infrastructure — environments where the code running on PLCs, SCADA systems, and HMIs has direct safety implications. We bring modern software engineering practices to operational technology teams that have been underserved by tooling for decades.
We’re a well-funded startup growing fast, with enterprise customers deploying Copia across hundreds of facilities. Our headquarters is in New York City.
The Role
We’re hiring a Lead Security Engineer to mature Copia’s security engineering program. You’ll work closely with our CISO and report into engineering leadership.
This is not a siloed role. You’ll be the person responsible for detection engineering on Monday, IAM architecture on Tuesday, compliance evidence on Wednesday, and incident response whenever it’s needed. We need someone who can context-switch across security domains and knows which problem to prioritize on any given day.
You should be comfortable building a security program, not just operating one someone else designed. If you’ve been the first or second security engineer at a startup before, you know exactly what this means.
What you'll own:
- Detection Engineering & Incident Response: Build, tune, and maintain detection pipelines and alerting. Run incident investigations and root-cause analysis. Drive toward full visibility and monitoring coverage across cloud and endpoint assets.
- Cloud & Infrastructure Security: Secure our AWS environment — IAM policies, network segmentation, container security, secrets management. Codify security guardrails in infrastructure-as-code. Review architecture decisions with engineering for security impact.
- Enterprise Identity & Cloud Access: Architect and manage identity infrastructure across cloud and SaaS environments — IdP configuration, SSO/OIDC integration, SCIM provisioning, conditional access policies, and RBAC design. Own the full identity lifecycle from onboarding to offboarding, enforce least-privilege across AWS accounts and SaaS applications, and drive access certification and governance programs.
- Security Automation: Automate everything you can — alert triage, access provisioning, evidence collection, vulnerability management workflows. You’re one person covering a lot of ground; automation is how you scale.
What we're looking for:
- Strong detection engineering skills — you’ve built and tuned SIEM rules, written detection content, and investigated real alerts, not just monitored dashboards someone else built
- Deep understanding of AWS security architecture — IAM, VPC design, multi-account strategies, and native security services
- Proficiency with infrastructure-as-code for security — codifying policies, guardrails, and configurations rather than clicking through consoles
- Experience with identity and access management architecture — IdP configuration, SSO/OIDC, RBAC design, and access lifecycle automation
- Scripting and automation chops in Python, Bash, or PowerShell for security operations, orchestration, and evidence workflows
- Clear, direct communication skills — you can explain a risk to an engineer, write a post-incident report for leadership, and answer a customer security questionnaire without corporate fluff
- Experience with CrowdStrike Falcon (EDR + LogScale/NG-SIEM) or Datadog Security Monitoring
- Terraform expertise, including module development and policy-as-code (OPA, Sentinel)
- Familiarity with fleet management tools (FleetDM, osquery, Jamf, or Intune)
- Exposure to OT/ICS security concepts, industrial control systems, or critical infrastructure environments
- Experience with EU regulatory frameworks — NIS2, Cyber Resilience Act, IEC 62443
- Background in vulnerability management lifecycle — scanning, triage, remediation tracking, and executive reporting
- Experience implementing Zero Trust Network Access (ZTNA) in hybrid cloud/on-prem environments
7+ years of experience in security engineering, with hands-on work across multiple security domains. You’ve ideally done this at a SaaS company or cloud-native startup where you couldn’t hide behind a large team.
Bonus Points
Why Copia
- Your work has real-world safety impact. Our customers run critical infrastructure. Security here isn’t an abstract compliance exercise — it matters.
- You’ll build, not just maintain. This is a greenfield opportunity to shape the security program at a company that’s scaling fast.
- No bureaucracy. You’ll work directly with engineering and leadership. Your recommendations get implemented, not lost in committee.
- Competitive equity. Full-time permanent employees receive meaningful ownership in a company with significant upside.
Top Skills
What We Do
Copia is redefining how the world’s factories, energy systems, and infrastructure are built and maintained. Our Industrial Code Lifecycle Management Platform connects software engineering practices with operational technology, giving manufacturers resiliency with the visibility, control, and confidence they need to innovate safely. We’re engineers, builders, and problem-solvers driven by one mission: Keep industry moving forward. Copia is building the modern engineering platform for industrial automation. Industrial organizations operate critical infrastructure on PLCs, SCADA, and OT networks. These environments power manufacturing, energy, food production, and infrastructure worldwide. Most of them still rely on fragmented tooling and manual workflows that would not be tolerated in any modern software environment. Copia closes that gap. We bring the discipline of modern software engineering to operational technology teams, giving controls engineers and IT security teams the version control, change management, and operational resilience their environments demand. Two concepts define what we do: Industrial Code Lifecycle Management (ICLM) applies structured lifecycle practices to automation code and configuration management. Think DevOps for the plant floor. It enables industrial teams to manage PLC logic, configurations, and automation assets with version control, traceability, and controlled deployment processes. No more tribal knowledge. No more manual backups on USB drives. No more mystery around what changed, when, and who made the call. Operational Technology Disaster Recovery (OTDR) ensures automation systems can be rapidly restored after failures, cyber incidents, or operational disruptions. It covers backup validation, system restoration procedures, and resilience planning for industrial control systems. When ransomware hits or equipment fails, production gets back online in hours, not weeks. Together, ICLM and OTDR form the foundation for secure, resilient industrial automation environments. Copia is the platform that makes both operationally real.
Why Work With Us
At Copia, you’ll work with some of the most advanced industrial and engineering organizations in the world. You’ll help them adopt modern tools that improve how engineering teams collaborate, manage code, and operate critical infrastructure. Copia is growing incredibly quickly as a company, thus all roles are seen as "growth track" roles.
Copia Automation Offices
Hybrid Workspace
Employees engage in a combination of remote and on-site work.
Employees are expected in the Copia office a minimum of 2-3 days/week, 10 days/month. Our office is located in NoMad/Flatiron, steps away from Madison Square Park, and minutes away from the 6, R, W, F, M, E, and 1 trains, as well as the PATH.
