Security Operations Engineer

We are COMPLY.

For compliance people.

We pride ourselves on being the champion for compliance professionals. Merging technology, consulting and education, we help clients navigate the ever-changing regulatory environment. We serve more than 7,000 clients globally, through our solutions including ComplySci, RIA in a Box, National Regulatory Service (NRS) and illumis. We are a high-growth organization and have been recognized with numerous awards including by Inc. 5000, Institutional Asset Manager Awards, Private Equity Wire Awards, and the Women in Data & Technology Awards.

COMPLY is made up of 350+ professionals worldwide. In the US alone, we have team members in 45 states. Employees of COMPLY have access to comprehensive benefits, unlimited PTO, paid bonding leave and 100% remote work flexibility with a WFH stipend.

Come join our team of talented innovators working together to forge the next generation of compliance.

To learn more about COMPLY, visit COMPLY.com.

COMPLY is seeking a highly skilled and detail-oriented Security Operations Engineer with 3-7 years of experience. This role will focus on maintaining and enhancing the organization’s information security posture with a primary focus on IT and Infrastructure Security Operations, vulnerability management, alert monitoring, and cloud security.

This role involves implementing, configuring, and managing security tools and controls designed to protect the organization’s data, employees and clients, systems, and networks from potential threats. The ideal candidate will have a strong understanding of cybersecurity principles, experience leading incident response, continuous improvement of security protocols, threat modeling and detection, and outstanding collaborative ability.

Responsibilities:

• Design, implement, and maintain security controls to protect the organization’s IT systems and infrastructure.
• Design and configure robust rules and alerting for active detection and response to security incidents.
• Configure and maintain SIEM for investigations and triage of security incidents.
• Identify and lead the response to security incidents, including conducting investigations, coordinating remediation and mitigation, and escalation as appropriate.
• Document security incidents in depth, including root cause analysis, steps taken to remediate, and other relevant information.
• Manage and operated vulnerability scanning tools to identify and assess security vulnerabilities across COMPLY’s environments.
• Assist in the development and maintenance of incident response plans and conduct period drills and tests.
• Collaborate with IT and Infrastructure teams to prioritize, remediate, or mitigate identified vulnerabilities, ensuring timely resolution.
• Develop and implement processes for continuous vulnerability assessment and threat modeling of COMPLY’s environments.
• Active knowledge of current and emerging threats that may impact the organization.
• Assist in the maintenance and updates for security policies, procedures, and standards in accordance with industry best practices and regulatory requirements.
• Prepare security metrics for reporting to management, outlining identified vulnerabilities and the status of remediation.
• Implement and maintain secure email gateway solutions.
• Monitor email systems and alerts to ensure quick response to potential and confirmed threats.
• Collaborate with IT and Infrastructure teams for effective implementation and maintenance of endpoint detection and response tools.
• Work with cross-functional teams to ensure security is integrated into all aspects of IT operations and business processes.
• Collaborate with internal teams and external partners to ensure compliance with regulatory requirements and industry standards (e.g., CPRA, GDPR, SOC2, etc.).

Qualifications:

• Bachelor’s degree in Information Technology, Information Systems, Information Security, or a related field.
• 3-7 years of professional experience in IT security, infrastructure security, or corporate information security, including hands-on experience with security tools, techniques, and protocols.
• Strong understanding of security principles.
• Robust experience with security tools like M365 Defender, Mimecast, Rapid7, AlertLogic, Wiz, etc.
• Experience leading incident detection and response from identification, escalation, remediation, and documentation.
• Experience with and understanding of cloud computing platforms (e.g., AWS, Azure, GCP) and containerization technologies (e.g., Docker, Kubernetes)
• Excellent communication skills, with the ability to effectively communicate complex security concepts and principles to technical and non-technical stakeholders.
• Ability to work cross-functionally with other technical teams to achieve objectives
• Strong analytical and problem-solving skills, with a proactive and results-oriented mindset. 

Nice to Have:

• Relevant security certifications such as CEH, CISSP, or OSCP are a plus.
• Experience building workflows in Jira, Slack, Teams, etc. 

COMPLY is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, disability, sex, sexual orientation, gender identity, or national origin. Nothing in this job posting should be construed as an offer or guarantee of employment.