Senior Security Engineer

Role & Team As our inaugural Senior Security Engineer, you will play a critical role in safeguarding Overstory's systems, data, and reputation. Partnering closely with your manager - the Director of Information Security and Compliance - you will take ownership of our security and compliance posture, and define, implement, and continuously improve our security program.You will lead initiatives across vulnerability management, compliance, and security operations, while acting as a trusted partner to engineering, product, and business teams. This role is ideal for someone who combines hands-on technical expertise with a strategic mindset and enjoys building scalable security practices in a growing company.What You'll Do Own and evolve Overstory's compliance program, ensuring ongoing alignment with SOC 2, ISO 27001, and other relevant frameworksDrive vulnerability management end-to-end, from detection to remediation, working closely with engineering teams to prioritize and resolve risks efficientlyDesign and improve security processes and controls across infrastructure, applications, and internal systemsLead security input in architecture and engineering decisions, helping teams build secure-by-design systemsOversee and improve identity and access management, endpoint security, and core IT security practicesOwn vendor security and third-party risk management, including assessments, risk evaluation, and mitigation strategiesLead audit readiness and execution for SOC 2 and ISO 27001, including control design, evidence collection, and auditor coordinationPartner with customer-facing teams to handle security questionnaires and build scalable, high-quality response processesContribute to security awareness and culture, mentoring others and raising the security bar across the organizationSkills & Experience 5+ years of experience in security engineering, security operations, or a related fieldDirect experience with security and compliance frameworks such as SOC 2 and/or ISO 27001, including audit processesDeep experience with vulnerability management, including tooling, prioritization, and remediation workflowsFluency working across cloud environments (AWS, GCP, or Azure) and modern SaaS ecosystemsExperience with identity and access management, endpoint security, and IT/security operationsDemonstrated ability to translate security risks into clear, actionable guidance for technical and non-technical stakeholdersDemonstrable experience (or at a minimum a serious interest in) leveraging AI tooling to accelerate business impact.Strong written communication skills and are comfortable owning documentation and audit artifactsDemonstrable proactive, pragmatic mindset as well as capacity for balancing security best practices with business needsExperience working cross-functionally influencing without authority in a remote-first environmentNice To Have Experience designing or improving SIEM, logging, and alerting pipelinesFamiliarity with compliance automation platforms (Drata, Vanta, Tugboat, etc.)Experience leading or owning SOC 2 / ISO 27001 auditsBackground in application or cloud security engineeringExperience mentoring or guiding more junior team membersWhat We Offer Competitive, location-specific compensation and benefitsFlexible, autonomous and collaborative working environment rooted in trust - we build our work days around our lives, not the other way aroundHome office stipend, coworking and ongoing education budgetsA company culture that genuinely embodies each of our core valuesTo be part of truly mission-driven work that reduces wildfires, protects earth's natural resources and helps solve our climate crisisAbout Our Team We are a group of 100 people from all over the world. Fifteen nationalities are represented in our team and at last count we speak fourteen languages: English, Dutch, French, Spanish, German, Italian, Portuguese, Russian, Luxembourgish, Lithuanian, Bulgarian, Cantonese, Estonian, and Danish.We work remotely from eleven countries and are looking for candidates that are living and working in one of them: United States, the Netherlands, United Kingdom, Ireland, Estonia, Portugal, France, Sweden, Switzerland, Denmark and Canada. We gather once a year in-person for our unforgettable team gathering event. We also offer the option to occasionally meet up for in-person collaboration.Diversity & Inclusion The climate crisis is a human crisis that requires diverse perspectives to solve.We place enormous value on diversity and believe that the best ideas emerge when people with different backgrounds and experience work together. We remain committed to scaling a team that reflects the communities we serve, and strive to uphold equitable and inclusive practices across every aspect of our business. We are responsible for creating and maintaining a culture where everyone - regardless of background - has a voice in building a sustainable future.Our Values Tackling the climate crisis is our greatest mission.We act with urgency.Our curiosity fuels our growth.We recognize that change is constant, and we find joy and power in exploration.We're rooted in diversity.Just as ecosystems need biodiversity to thrive, our resiliency comes from our differences.We care for each other.We love the power of machines but we nurture each other as humans.Trust is fundamental.We assume the best in everyone, and we share ideas openly so that we have a positive impact.#J-18808-Ljbffr