Senior Security Operations Engineer

Summary

Join Plotly, a leading data visualization and analytics innovator, as a Senior Security Operations Engineer. You will play a critical role in establishing and scaling our security operations, designing, implementing, and managing security operations to protect our enterprise software and SaaS offerings. This role ensures compliance with industry standards, drives security certifications, and establishes robust security programs. The ideal candidate possesses deep expertise in enterprise and SaaS security and a proven track record of building scalable and compliant security practices. You will lead information security efforts across various platforms and collaborate with development teams to integrate security tooling. This position requires significant experience in security operations and compliance.

Requirements

• 5+ years of experience in security operations, with a focus on both enterprise and public-cloud SaaS environments
• Hands-on experience with achieving and maintaining security certifications (e.g., SOC 2, ISO 27001)
• Strong understanding of security frameworks (e.g., NIST, CIS) and regulatory requirements (e.g., GDPR, CCPA)
• Proven experience in disaster recovery and business continuity planning, testing, and implementation
• Proficiency in managing security tools, including compliance management platforms (e.g. Vanta), SIEM, endpoint security, and vulnerability management systems
• Demonstrated ability to lead incident response efforts and perform forensic analysis
• Robust knowledge of security principles across all major cloud vendors
• Deep knowledge of Public Key Infrastructure (PKI) including internal certificate authorities and mutual TLS client authentication

Responsibilities

• Lead all information security efforts at Plotly, across production SaaS operations, enterprise IT, and Plotly’s digital presence on the web and social media
• Author, improve, and enforce information security policies; ensure risk assessments, compliance evidence collection, and access reviews are complete and consistent
• Collaborate with DevOps and software development teams to integrate security tooling (such as vulnerability scanning, bounty programs, SIEMs, SAST, and DAST) and secure development processes into their workflow
• Ensure Plotly’s continued compliance with SOC2 Type II, and lead additional compliance framework efforts such as ISO 27001 as our needs grow
• Develop, implement, and maintain business continuity plans (BCP) and disaster recovery plans (DR) to ensure system resiliency and minimal downtime during incidents
• Oversee the security and integrity of the organization’s digital presence, including websites, social media accounts, domains and DNS entries, chat, conferencing, and email systems
• Exemplify the role of the information security officer, through mentoring, cross-training, advocacy, and influencing the organization toward secure practices

Preferred Qualifications

• Relevant certifications such as CISSP, CISM, CISA, or GIAC
• Experience as a product owner for security tooling developed by internal teams
• Experience with DevOps automation tools (e.g., Kubernetes, Ansible, Terraform, or Python scripting)
• Familiarity with security scanning tools (e.g. Trivy, Snyk, Sonarqube) and SaaS-specific security solutions (e.g. AWS WAF)

Benefits

• Comprehensive health coverage
• Generous PTO
• Parental leave top-up program
• Stock options for all full-time employees
• Learning & development program
• Remote-first work
• Home office support