Jump: Lead Security?Engineer?

Headquarters: Salt Lake City, UT

http://

About you

• You love security. It’s what you are all about and you are very very good at it.

• You are very motivated and proactive and can get a lot done every day.

• You love coding and are excited to learn Elixir. You really want to find and fix security vulnerabilities in an Elixir/Phoenix codebase.

• You are very pleasant to work with and people feel better about themselves after interacting with you.

What you’ll do

• Provide guidance, training, and tools to developers on secure coding principles, common vulnerabilities, and secure design patterns.

• Analyze, fix, and test vulnerabilities.

• Do code reviews, audit and analyze source code for vulnerabilities.

• Monitor the security industry for new developments.

• Evaluate, recommend, and implement security tools and technologies to improve our application security posture.

• Conduct threat modeling exercises for new and existing applications and systems.

• Ensure systems and processes adhere to relevant security standards, regulations (e.g., ISO 27001, SOC 2, GDPR, HIPAA), and internal policies.

• Implement and manage security controls for cloud environments (e.g., AWS, GCP), including identity and access management (IAM), network security, and data protection.

• Maintain comprehensive documentation for security processes, tools, and configurations.

What success looks like after 12?months

• Major vulnerabilities are found

• SOC?2 Type?II report continues to be delivered with zero high?risk exceptions.

• Mean?time?to?detect (MTTD)?<?15?min and mean?time?to?resolve (MTTR)?<?2?hrs for priority?1 security events.

• ??90?% of employees complete annual security training and phishing tests.

• Security is a documented, automated part of CI/CD (build fails on critical vulns).

• Our largest enterprise customers cite security as a strength in renewals.

You might be a fit if you

• Have 5+ years hands?on security engineering in cloud?native (AWS/GCP/Azure) product environments.

• Can demonstrate end?to?end ownership of at least one compliance framework (SOC?2, ISO?27001, HIPAA, PCI?DSS, etc.).

• Are fluent in modern DevSecOps tooling (Terraform, Kubernetes, GitHub Actions, OIDC/OAuth).

• Write code well enough to build internal tooling or fix a critical bug (we use Elixir & Terraform).

• Communicate complex risks in plain language to engineers, execs, and customers.

• Are comfortable being a “team of one” at first and progressively hiring/mentoring teammates.

Nice?to?haves: experience with multi?tenant data isolation, SAML/SCIM integrations, or selling to regulated industries (FinTech, HealthTech, GovTech).

Compensation & benefits

Base salary: $170?k –?$260?k USD

Benefits: Health/dental/vision, 401k (no match yet)

Time?off: Flexible PTO with manager approval

Gear: Top?spec laptop, stipend for home office/security hardware

Hiring process (2–3?weeks total)

1. Homework assignment — Takes about 1hr

2. Intro call (30?min) — with CTO.

3. Paid Trial week — Come work with us for a week and see how you like it

4. Team member intros & Reference checks

5. Offer

Other info:

• We buy the subscriptions you need (Cursor.ai, ChatGPT, etc)

• We’re a small and efficient dev team

• We’re growing gangbusters. All revenue-backed, super low churn.

• Raised a $20M Series-A a few months ago

• HQ based in SLC, Utah

• Remote friendly, must be based in the USA