
Security Engineer

Company Description

Careful Security is a boutique cybersecurity and compliance implementation firm with a 100% first-attempt certification pass rate. We deliver hands-on compliance readiness (SOC 2, ISO 27001, ISO 42001, HIPAA, PCI-DSS), vCISO services, penetration testing, and our proprietary compliance monitoring platform, Dashr.ai. We're scaling from $500K to $5M ARR and looking for people who execute.

Role Description

The Security Engineer owns the day-to-day technical delivery across our active client portfolio. You'll run gap analyses, implement security controls, collect audit evidence, manage SIEM/SOC monitoring and alerting, and communicate findings directly to stakeholders — across 4+ client accounts simultaneously. This is hands-on compliance implementation and security operations work, not passive monitoring.

This is also a ground-floor opportunity to help build the security practice at a firm that's scaling fast. You'll work directly with the CEO, shape how we deliver across multiple compliance frameworks, contribute to our proprietary compliance platform (Dashr.ai), and have a clear path to Senior Engineer or Lead Consultant within 12-18 months based on performance.

What You'll Do

- Conduct technical gap analyses against SOC 2, ISO 27001, ISO 42001 (AI Management Systems), HIPAA, and PCI-DSS frameworks
- Configure and validate security controls (endpoint, identity, access, logging, encryption)
- Manage SIEM platforms — build detections, tune alerting rules, triage and investigate security events
- Perform SOC analyst functions including alert triage, incident investigation, and escalation
- Prepare complete, audit-ready evidence packages for external audits
- Run vulnerability scans, triage findings, and coordinate remediation
- Draft and maintain client security policies and procedures
- Communicate security findings to both technical and executive audiences
- Work across client environments using tools like CrowdStrike, SentinelOne, Entra ID, Google Workspace, AWS, Azure, Cisco Meraki, and FortiGate

What We Need

- 3-5 years hands-on in cybersecurity engineering, SIEM/SOC analysis, or compliance implementation
- Direct experience with at least two of: SOC 2, ISO 27001, ISO 42001, HIPAA, PCI-DSS
- SIEM experience (Splunk, Sentinel, Elastic, or equivalent) — building queries, tuning rules, investigating alerts
- Consulting/multi-client experience (you can context-switch without dropping balls)
- Self-directed — you identify work and claim it, not wait to be assigned
- Clear communicator who can explain findings to a CISO and a CFO
- CompTIA Security+ minimum; CISSP, CISA, or ISO 27001 Lead Implementer preferred
- ISO 42001 experience or familiarity with AI governance frameworks is a strong plus

Why Careful Security

- $110K-$130K compensation (contract-to-hire, details below)
- Direct access to the CEO — no layers, no bureaucracy
- Clear promotion path to Senior Engineer / Lead Consultant within 12-18 months
- Help build and shape the compliance practice from the ground up
- Contribute to Dashr.ai — you're not just consulting, you're building a product
- Exposure across multiple compliance frameworks, industries, and client environments
- Performance is recognized and rewarded, not buried in annual review cycles

Structure

30-day contract trial (1099, LLC required per CA AB5), converting to W-2 full-time upon successful completion. $110K-$130K range. Remote, U.S.-based. Reports directly to the CEO.
