Cybersecurity Engineer

Who We AreSimpli.fi provides marketing technologies, solutions, and workflow automation for advertisers and agencies of all sizes. We specialize in helping organizations that operate across many locations, jurisdictions, or local markets—where location matters and incrementality counts—by uniting data, automation, and intelligence to drive measurable growth.Our platform powers highly targeted, high-volume campaigns across omnichannel environments including CTV, native, mobile, display, and social. We deliver transparent performance with local precision at national scale. Simpli.fi enables marketers—from multi-location brands and independent agencies who serve them, to political, advocacy, and public-affairs organizations—to activate locally relevant messaging, measure real-world impact, and generate clear, actionable insights.Simpli.fi is backed by leading private equity firms Blackstone and GTCR. To learn more, visit Simpli.fi.What We’re Looking ForSimpli.fi is currently looking for a Cybersecurity Engineer, you will join a security team focused on practical risk reduction across endpoints, identity, logging, and compliance operations. This role is well suited to a systems-oriented generalist who can connect dots across tools and environments, understand how failures propagate, and help the organization improve security outcomes without losing momentum.This is an individual contributor role. This role is not siloed. You will work across endpoint security, identity, telemetry, and compliance workflows. You will have opportunities to make improvements that are visible across engineering and the broader company.Security is part of how we deliver a great workplace experience and build customer trust. The work in this role helps employees stay productive and safe, reduces disruption from preventable issues, and supports the evidence and assurance that customers and auditors rely on.Growth & LearningYou will have room to grow by owning meaningful outcomes end to end. That includes deepening expertise in endpoint security, identity, telemetry, and compliance operations, and learning adjacent systems through hands-on work, documentation, and automation. We prioritize durable improvements over heroics, so learning and progress are sustainable.How We WorkWe aim for a sustainable pace and clear priorities. This role has broad scope because it touches systems people rely on every day, not because we expect heroics. There is no mandatory on-call rotation for this position, and most work weeks are around 40 hours. When urgent incidents happen, we collaborate to resolve them, and that can occasionally require engagement outside normal hours. We value durable improvements, automation, and good documentation over “always available” expectations.What You’ll Be Doing Own and improve endpoint security outcomes across macOS and WindowsDeployment, configuration, investigations, and remediation supportSupport incident response with a focus on diagnosis, recovery, and root cause understandingUse logs and telemetry to investigate events and identify patternsCorrelate signals across systems rather than relying on a single toolOwn operational security compliance workflowsMaintain and improve SOC 2 evidence collectionTrack down evidence across systems and teamsEnsure controls reflect real system behaviorAdminister and improve the company’s Vanta implementationMaintain accurate integrations and control mappingsReduce manual evidence collection where possibleImprove how security tooling and controls fit together through pragmatic configuration and automationPartner with IT and engineering stakeholders to translate technical risk and compliance needs into clear actions and tradeoffsDocument systems, controls, and operational knowledge so improvements persistYOU’LL HAVE THE FOLLOWING TO SUCCEED IN THIS ROLE:Core Skills Strong problem solving skills with close attention to detailSystems thinking and pattern recognitionAbility to reason across endpoints, identity, networking, access controls, telemetry, compliance controls, and cloud environmentsA pragmatic security mindsetAble to balance risk reduction, operational reality, and audit requirementsClear communication and translation skillsAble to explain security and compliance requirements without alarmism or unnecessary frictionStrong documentation and evidence hygieneComfortable producing clear, accurate, and defensible artifactsTechnical Foundations Strong systems and troubleshooting backgroundComfortable reasoning about operating systems, processes, and networking fundamentalsAble to diagnose issues across macOS, Windows, and Linux environmentsEndpoint security fundamentalsExperience operating endpoint security tooling and supporting investigations is strongly preferredComfortable with investigation workflows and remediation supportIdentity and access familiarityUnderstanding how identity underpins access control and audit evidenceFamiliarity with identity providers such as Okta or comparable platformsLogging and telemetry experienceComfortable querying and correlating logs to support investigations and audit evidenceSIEM experience is helpful, including Datadog or similar platformsCloud platform familiarityWorking knowledge of at least one cloud platform (AWS, GCP, or Azure) sufficient to support investigations, risk assessment, and compliance evidence needsCompliance And Governance Operations Hands-on experience supporting SOC 2 or similar auditsEvidence collection, validation, and auditor interactionExperience working with compliance automation platforms such as VantaMaintaining integrations and control mappingsIdentifying and closing evidence gapsAbility to connect written controls to real system behaviorAvoids paper-only complianceEnsures controls remain accurate over timeScripting And Automation Comfortable with scripting across macOS, Linux, and WindowsAble to read scripts, modify logic safely, and automate repetitive workPython is preferred, but comparable scripting experience is acceptableNice To Have(Useful but not required. No candidate is expected to have all of these.) Experience with SIEM platforms and investigation workflowsDeeper cloud security expertise in AWS, GCP, or AzureExamples include IAM design, security monitoring, network controls, or incident investigation in cloud environmentsEndpoint management experience (Jamf, Intune, GPO, MDM patterns)Experience with identity integrations and access control patterns (SSO, SAML, SCIM)Prior participation in external audits or customer security reviewsCertifications (CISSP, CISM, etc.).The Right Person WillEnjoy operating as a generalist with one or more anchor domainsBe comfortable moving between security engineering, operations, and compliance workPrefer improving systems over producing one-off artifactsTake ownership of messy or underspecified areas and make them better over timeBe comfortable saying they do not know something and then figuring it outShow Your WorkWe value demonstrated ability more than credentials. Skills gained through personal projects, self study, bootcamps, or non traditional experience are welcome.You May ShareTechnical documentation or runbooks you createdIncident writeups or postmortems you contributed toEvidence workflows or automation you improvedScripts or tools you builtOpen source contributions or community involvementPublic examples are not required. Many strong engineers work entirely in private or internal systems, and we are happy to discuss your experience directly.Working With Us Has Its RewardsAwesome company environment and benefits with a great management team. Competitive pay based on experience, 17 PTO days, 401K match, long-term incentive plan and employer sponsored healthcare options. Hybrid work schedule. The company is focused on developing and mentoring employees!Candidates must be authorized to work in the United States. We are unable to provide visa sponsorship at this time.