Senior Security Engineer

Summary

Join CompanyCam as a Senior Security Engineer to drive security engineering and compliance initiatives across our app. Partner with engineering teams to design, implement, and automate security controls. Own security architecture decisions and vulnerability management. Ensure the company stays ahead of evolving threats. This remote-first position requires occasional travel to HQ in Lincoln, Nebraska. Candidates must permanently reside in the United States. CompanyCam offers a flexible work approach, intentional downtime, and a focus on work-life balance.

Requirements

• 5+ years of hands-on experience in a security engineering or infrastructure security role
• Strong experience with cloud-native platforms (AWS preferred)
• Hands-on with CI/CD , infrastructure as code , and security automation
• Familiarity with compliance frameworks (SOC 2, ISO 27001) and data privacy regulations (GDPR, CCPA)
• Experience with pen testing , red teaming, or offensive security methods
• Proficiency in web application security (preferably Ruby on Rails, Django, or Express)
• Ability to balance security risks with product and engineering goals
• Clear, confident communication across both technical and non-technical teams
• Comfortable navigating ambiguity and working in fast-moving environments
• A continuous growth-mindset, with a focus on learning, embracing challenges, and continuously improving
• A knack for creativity and innovation, bringing fresh ideas to the table and solving complex problems

Responsibilities

• Create or contribute to tooling that supports secure code delivery and infrastructure as code validation
• Design and enforce access control mechanisms aligned with least privilege and segregation of duties across infrastructure, applications, and data layers
• Provide guidance on security best practices for product, platform, and infrastructure teams to align development with compliance requirements
• Partner with product and engineering to ensure appropriate handling of sensitive data, including encryption, retention, and secure deletion policies
• Build automated playbooks for security incident response and partner with teams on real-world incident handling
• Conduct proactive threat detection and response activities, including investigation and forensics as needed
• Maintain visibility into third-party and supply chain risks through vendor assessments and open source review
• Report on vulnerability trends and remediation metrics across environments
• Lead compliance-related training initiatives, ensuring teams understand security policies and regulatory requirements
• Contribute to security education for engineers through documentation, secure development guidance and internal training

Preferred Qualifications

Scripting in Ruby and Bash

Benefits

• This is a salaried position at CompanyCam
• Our starting salary is $130,000 - $170,000 per year and is based on experience
• We also offer meaningful equity and other benefits
• Employees are not required to work in the office or relocate to Lincoln, Nebraska, for this opportunity, but occasional travel to HQ will be required