Security Operations Engineer

We are COMPLY .

For compliance people.

We pride ourselves on being the champion for compliance professionals. Merging technology consulting and education we help clients navigate the ever-changing regulatory environment. We serve more than 7000 clients globally through our solutions including ComplySci RIA in a Box National Regulatory Service (NRS) and illumis. We are a high-growth organization and have been recognized with numerous awards including by Inc. 5000 Institutional Asset Manager Awards Private Equity Wire Awards and the Women in Data & Technology Awards.

COMPLY is made up of 350+ professionals worldwide. In the US alone we have team members in 45 states. Employees of COMPLY have access to comprehensive benefits unlimited PTO paid bonding leave and 100% remote work flexibility with a WFH stipend.

Come join our team of talented innovators working together to forge the next generation of compliance.

To learn more about COMPLY visit COMPLY.com .

COMPLY is seeking a highly skilled and detail-oriented Security Operations Engineer with 3-7 years of experience. This role will focus on maintaining and enhancing the organization’s information security posture with a primary focus on IT and Infrastructure Security Operations vulnerability management alert monitoring and cloud security.

This role involves implementing configuring and managing security tools and controls designed to protect the organization’s data employees and clients systems and networks from potential threats. The ideal candidate will have a strong understanding of cybersecurity principles experience leading incident response continuous improvement of security protocols threat modeling and detection and outstanding collaborative ability.

Responsibilities:

• Design implement and maintain security controls to protect the organization’s IT systems and infrastructure.

• Design and configure robust rules and alerting for active detection and response to security incidents.

• Configure and maintain SIEM for investigations and triage of security incidents.

• Identify and lead the response to security incidents including conducting investigations coordinating remediation and mitigation and escalation as appropriate.

• Document security incidents in depth including root cause analysis steps taken to remediate and other relevant information.

• Manage and operated vulnerability scanning tools to identify and assess security vulnerabilities across COMPLY’s environments.

• Assist in the development and maintenance of incident response plans and conduct period drills and tests.

• Collaborate with IT and Infrastructure teams to prioritize remediate or mitigate identified vulnerabilities ensuring timely resolution.

• Develop and implement processes for continuous vulnerability assessment and threat modeling of COMPLY’s environments.

• Active knowledge of current and emerging threats that may impact the organization.

• Assist in the maintenance and updates for security policies procedures and standards in accordance with industry best practices and regulatory requirements.

• Prepare security metrics for reporting to management outlining identified vulnerabilities and the status of remediation.

• Implement and maintain secure email gateway solutions.

• Monitor email systems and alerts to ensure quick response to potential and confirmed threats.

• Collaborate with IT and Infrastructure teams for effective implementation and maintenance of endpoint detection and response tools.

• Work with cross-functional teams to ensure security is integrated into all aspects of IT operations and business processes.

• Collaborate with internal teams and external partners to ensure compliance with regulatory requirements and industry standards (e.g. CPRA GDPR SOC2 etc.).

Qualifications:

• Bachelor’s degree in Information Technology Information Systems Information Security or a related field.

• 3-7 years of professional experience in IT security infrastructure security or corporate information security including hands-on experience with security tools techniques and protocols.

• Strong understanding of security principles.

• Robust experience with security tools like M365 Defender Mimecast Rapid7 AlertLogic Wiz etc.

• Experience leading incident detection and response from identification escalation remediation and documentation.

• Experience with and understanding of cloud computing platforms (e.g. AWS Azure GCP) and containerization technologies (e.g. Docker Kubernetes)

• Excellent communication skills with the ability to effectively communicate complex security concepts and principles to technical and non-technical stakeholders.

• Ability to work cross-functionally with other technical teams to achieve objectives

• Strong analytical and problem-solving skills with a proactive and results-oriented mindset.

Nice to Have:

• Relevant security certifications such as CEH CISSP or OSCP are a plus.

• Experience building workflows in Jira Slack Teams etc.

$90000 - $115000 a year

The compensation range for this role is specific to the United States and takes into account a wide range of factors that are considered in making compensation decisions including but not limited to skill sets training licensure and certification and experience. A reasonable estimate of the base salary range for this role would be $90000-$115000 plus applicable bonus/benefits offerings etc as those similarly situated within the Company.

COMPLY is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race color religion disability sex sexual orientation gender identity or national origin. Nothing in this job posting should be construed as an offer or guarantee of employment.