Job Description
We're seeking a hands-on security professional to lead and evolve our established security program. Over the past few years we've built strong security foundations, including tooling, processes and practices to support our ISO 27001 and SOC 2 certifications. This role uniquely combines application security, security architecture, compliance oversight and cross-functional collaboration. You'll be the security voice across engineering, product, sales, customer success and operations teams, working closely with everyone to maintain and enhance our security posture.
You'll take ownership of our existing security tooling and processes, identify gaps and opportunities for improvement, and drive security initiatives forward. While we have solid foundations, there's a significant opportunity to optimize, modernize and scale our security program. Initially, expect to be 80% hands-on execution and 20% strategic planning. As we continue to grow, this may shift toward building a team, but hands-on expertise will always be valued.
Inrupt is headquartered in Boston, MA. This role is based in Boston. Our team operates on a hybrid schedule, working from the office two days a week and enjoying remote flexibility on the remaining days.
Key Responsibilities
- Own and optimize the security tooling stack for SAST, DAST, SCA, container scanning and IaC security (e.g. SonarQube, StackHawk, Aikido, Trivy)
- Partner with engineering to create and refine threat models for all new product features and major architectural changes
- Ensure cloud environments adhere to security best practices and evolving compliance requirements
- Review and provide security feedback on technical requirements, design documents and architecture decisions
- Analyze and triage output from security scanning tools to identify, prioritize and track vulnerabilities
- Translate security findings into actionable recommendations for development teams, with clear prioritization
- Own the security incident response process for product and service incidents
- Conduct post-incident reviews and drive continuous improvement in security practices
- Own and evolve established security policies, standards and procedures as the company grows
- Manage the enterprise risk register for security risks escalated beyond individual departments
- Lead cross-functional risk management meetings to assess, track and mitigate security risks
- Maintain ISO 27001 and SOC 2 Type I certifications and drive progression to SOC 2 Type II
- Conduct periodic security audits, assessments and gap analyses
- Prepare for and lead security audits and customer security assessments
- Develop and deliver security training and awareness programs across all teams
- Partner with sales and customer success during security discussions with enterprise customers and prospects
- Support RFP/RFI responses and customer security questionnaires
- Build security champion programs to distribute security knowledge across teams
- Foster a security-first culture that emphasizes shared responsibility and proactive security practices
About You
Required:
- 5-8+ years in application security, security engineering, cloud security or similar roles
- Proven ability to work independently and wear multiple hats in a fast-paced, small-company environment
- Strong understanding of secure software development lifecycle (SSDLC) practices and DevSecOps principles
- Hands-on experience implementing and managing security tooling, including SAST, DAST, SCA and container scanning
- Demonstrated experience with cloud security (AWS, Azure or GCP) and infrastructure-as-code security
- Working knowledge of threat modeling methodologies (STRIDE, PASTA or similar)
- Direct experience with ISO 27001 and/or SOC 2 compliance programs, from implementation through audit
- Strong understanding of the OWASP Top 10, SANS Top 25 and common vulnerability types
- Excellent communication and collaboration skills, with the ability to influence across technical and non-technical audiences
- Experience working with distributed/remote teams across multiple time zones
- Comfortable taking ownership of existing systems and processes and making them better
- Programming/scripting skills (Python, Bash or similar) for automation and tool integration
- Deep knowledge of cloud security controls, IAM and network security (AWS, Azure or GCP)
- Experience with IaC security (Terraform, CloudFormation) and policy-as-code tools (Checkov, tfsec, OPA)
- Experience securing CI/CD pipelines with GitHub Actions, Argo CD, Jenkins or similar
Preferred:
- Experience in taking over and improving established security programs
- Professional security certifications (CISSP, OSCP, CEH, GIAC or similar)
- Hands-on software development or DevOps background (Python, Java, JavaScript)
- Prior experience managing security incident response and conducting security investigations
- Background as a security champion or embedded security engineer within development teams
- Familiarity with regulatory frameworks (GDPR, CCPA, SOX, HIPAA)
- Experience with security orchestration, automation and response (SOAR)
- Experience in B2B SaaS or enterprise software companies
- Experience with secrets management (HashiCorp Vault, AWS Secrets Manager)
- Knowledge of identity and access management (SSO, SAML, OAuth, RBAC)
- Experience with security monitoring and logging (SIEM, log aggregation)
What We Do
Sir Tim Berners-Lee, inventor of the World Wide Web, created Solid to realize the web as he fully envisioned it. Sir Tim co-founded Inrupt to provide enterprise-grade Solid software and services. Inrupt's data infrastructure software enables enterprises and governments to deploy and manage Solid-compliant solutions. Our products are the expression of decades of experience in security, compliance and operational excellence.
Date Posted
04/15/2026