Information Security Engineer

Prepared

💵 $200k-$220k
📍Remote - United States

Summary

Join Prepared as our first Information Security Engineer and play a foundational role in establishing our Information Security function. You will build and manage security programs safeguarding customer information, protecting internal systems, and ensuring compliance as we scale. This crucial role involves owning the security of Prepared’s mission-critical platform end-to-end, collaborating with platform engineers and product teams. You will lead compliance and risk management, triage and remediate vulnerabilities, automate security monitoring, ensure security best practices across infrastructure and applications, and coordinate audits and compliance. This is a remote-first position offering competitive salary and equity, along with comprehensive benefits.

Requirements

  • 6+ years of experience in InfoSec, AppSec, or Security Engineering with a focus on compliance, risk management, and vulnerability remediation
  • Hands-on experience with SOC2 compliance, security audits, and governance tools (Vanta, SecureFrame, Drata)
  • Deep understanding of SAST & DAST security tools and ability to triage vulnerabilities
  • Strong grasp of cloud security best practices (AWS, GitHub security events)
  • Ability to collaborate cross-functionally, educate engineers on security, and establish security processes from scratch
  • A proactive, automation-first mindset—you look for ways to streamline security workflows and reduce manual overhead

Responsibilities

  • Lead Compliance & Risk Management: Own and manage compliance programs like SOC2, handle customer security questionnaires, and develop a risk management framework
  • Vulnerability Triage & Remediation: Assess vulnerabilities identified via SAST/DAST tools, work with engineering teams on mitigation, and drive security best practices
  • Security Automation & Monitoring: Implement and oversee automated security scans (e.g., Dependabot), coordinate penetration tests, and track remediation
  • Infrastructure & Application Security: Ensure security best practices are followed across AWS, GitHub, and CI/CD pipelines while collaborating with product teams to shift security left in the SDLC
  • Audit & Compliance Coordination: Partner with external auditors and compliance vendors to maintain certifications and improve security postures

Preferred Qualifications

Experience working in heavily regulated industries (FinTech, HealthTech, GovTech)

Benefits

  • Remote-First Culture
  • Competitive Salary and Equity
  • 401k
  • Medical, Dental, and Vision Benefits
  • Flexible Spending Account (FSA)
  • Free Membership to OneMedical
  • Flexible Paid Time Off + 12 U.S. Holidays
  • 12 Weeks of Paid Parental Leave (birthing + non-birthing parents)
  • WeWork Membership for All Employees
  • Annual Company Offsite
