Head of Security / Senior Security Engineer

· Remote

Location

Remote

Type

Full Time

Job Description

Reposted 3 Hours Ago
Boston, MA, USA
Hybrid
Senior level
Information Technology • Web3
The Role
The Head of Security will lead security initiatives, manage security tools, collaborate with teams on security practices, and maintain compliance certifications.
Summary Generated by Built In

We're seeking a hands-on security professional to lead and evolve our established security program. Over the past few years, we've built strong security foundations, including tooling, processes, and practices, to support our ISO 27001 and SOC 2 certifications. This role uniquely combines application security, security architecture, compliance oversight, and cross-functional collaboration. You'll be the security voice across engineering, product, sales, customer success, and operations teams, working closely with everyone to maintain and enhance our security posture.

You'll take ownership of our existing security tooling and processes, identify gaps and opportunities for improvement, and drive security initiatives forward. While we have solid foundations, there's a significant opportunity to optimize, modernize, and scale our security program. Initially, expect to be 80% hands-on execution and 20% strategic planning. As we continue to grow, this may shift toward building a team, but hands-on expertise will always be valued.

Inrupt is headquartered in Boston, MA. This role is based in Boston. Our team operates on a hybrid schedule, working from the office two days a week and enjoying remote flexibility on the remaining days.


Key Responsibilities

  • Own and optimize security tooling stack for SAST, DAST, SCA, container scanning, and IaC security (e.g., SonarQube, StackHawk, Aikido, Trivy)
  • Partner with engineering to create and refine threat models for all new product features and major architectural changes
  • Ensure cloud environments adhere to security best practices and evolving compliance requirements
  • Review and provide security feedback on technical requirements, design documents, and architecture decisions
  • Analyze and triage output from security scanning tools to identify, prioritize, and track vulnerabilities
  • Translate security findings into actionable recommendations for development teams with clear prioritization
  • Own the security incident response process for products and service incidents
  • Conduct post-incident reviews and drive continuous improvement in security practices
  • Own and evolve established security policies, standards, and procedures as the company grows
  • Manage the enterprise risk register for security risks escalated beyond individual departments
  • Lead cross-functional risk management meetings to assess, track, and mitigate security risks
  • Maintain ISO 27001 and SOC 2 Type I certifications and drive progression to SOC 2 Type II
  • Conduct periodic security audits, assessments, and gap analyses
  • Prepare for and lead security audits and customer security assessments
  • Develop and deliver security training and awareness programs across all teams
  • Partner with sales and customer success during security discussions with enterprise customers and prospects
  • Support RFP/RFI responses and customer security questionnaires
  • Build security champion programs to distribute security knowledge across teams
  • Foster a security-first culture that emphasizes shared responsibility and proactive security practices

 

About You

Required:

  • 5-8+ years in application security, security engineering, cloud security, or similar roles
  • Proven ability to work independently and wear multiple hats in a fast-paced small company environment
  • Strong understanding of secure software development lifecycle (SSDLC) practices and DevSecOps principles
  • Hands-on experience implementing and managing security tooling, including SAST, DAST, SCA, and container scanning
  • Demonstrated experience with cloud security (AWS, Azure, or GCP) and infrastructure-as-code security
  • Working knowledge of threat modeling methodologies (STRIDE, PASTA, or similar)
  • Direct experience with ISO 27001 and/or SOC 2 compliance programs from implementation through audit
  • Strong understanding of OWASP Top 10, SANS Top 25, and common vulnerability types
  • Excellent communication and collaboration skills with the ability to influence across technical and non-technical audiences
  • Experience working with distributed/remote teams across multiple time zones
  • Comfortable taking ownership of existing systems and processes and making them better
  • Programming/scripting skills (Python, Bash, or similar) for automation and tool integration
  • Deep knowledge of cloud security controls, IAM, and network security (AWS, Azure, or GCP)
  • Experience with IaC security (Terraform, CloudFormation) and policy-as-code tools (Checkov, tfsec, OPA)
  • Experience securing CI/CD pipelines with GitHub Actions, Argo CD, Jenkins, or similar

 

Preferred:

  • Experience in taking over and improving established security programs
  • Professional security certifications (CISSP, OSCP, CEH, GIAC, or similar)
  • Hands-on software development or DevOps background (Python, Java, JavaScript)
  • Prior experience managing security incident response and conducting security investigations
  • Background as a security champion or embedded security engineer within development teams
  • Familiarity with regulatory frameworks (GDPR, CCPA, SOX, HIPAA)
  • Experience with security orchestration, automation, and response (SOAR)
  • Experience in B2B SaaS or enterprise software companies
  • Experience with secrets management (HashiCorp Vault, AWS Secrets Manager)
  • Knowledge of identity and access management (SSO, SAML, OAuth, RBAC)
  • Experience with security monitoring and logging (SIEM, log aggregation)


 

Top Skills

Aikido
Argo CD
AWS
Azure
Bash
Checkov
CloudFormation
Container Scanning
DAST
GCP
GitHub Actions
Jenkins
Linux
OPA
Python
SAST
SCA
SonarQube
StackHawk
Terraform
tfsec
Trivy
Windows

The Company
HQ: Boston, Massachusetts
200 Employees
Year Founded: 2017

What We Do

Sir Tim Berners-Lee, inventor of the World Wide Web, created Solid to realize the web as he fully envisioned it. Sir Tim co-founded Inrupt to provide enterprise-grade Solid software and services. Inrupt’s data infrastructure software enables enterprises and governments to deploy and manage Solid-compliant solutions. Our products are the expression of decades of experience in security, compliance, and operational excellence.

Date Posted

04/15/2026
