Trust and Safety Engineer

About The Position

Requirements

• 3–7 years of experience in security engineering, compliance automation, Security Operations, or GRC-aligned roles in a SaaS or eCommerce environment.
• Bachelor’s degree in Computer Science, Cybersecurity, Information Systems, or related field (or equivalent experience).
• Hands-on experience implementing and administering endpoint management & security technologies
• Understanding of compliance frameworks including SOC 2, PCI DSS, GDPR, and CCPA.
• Hands-on experience securing cloud platforms and SaaS management tools.
• Proficiency in scripting (Python, PowerShell, Bash)
• Experience leveraging AI tools and technologies to create opportunities for optimization, automation, and intelligent use of data integrations.
• Experience administering a SIEM, alerting, and incident response workflows.
• Experience with compliance automation platforms (e.g., Drata)
• Background in risk scoring or control maturity frameworks.
• Comfortable leading large calls with key stakeholders and explaining technical controls to non-technical audiences.
• A bias for action; you are a self-starter comfortable working autonomously.
• Possess intellectual curiosity at all times
• Desire to build and maintain relationships across the business including both technical and non-technical teams

Nice To Haves

• Certifications: CISSP is preferred but not required

Responsibilities

• Lead security incident response efforts, including containment, investigation, root cause analysis, and post-incident reviews. You must be able to organize complex information, initiate response workflows, and confidently lead calls with key stakeholders.
• Manage and monitor endpoint security tools (e.g., CrowdStrike). You must be familiar with modern security requirements for managed devices including laptops, containerized resources, servers, and mobile devices.
• Operate and enhance security monitoring and alerting across cloud, SaaS, endpoint, and identity environments.
• Triage and investigate security alerts related to access misuse, policy violations, suspicious activity, and data exposure.
• Maintain and tune SIEM detections, alert thresholds, and response playbooks.
• Leverage AI tools and technologies to enhance Security Operations
• Lead the technical requirements to enable automation capabilities to improve time-to-respond, evidence collection, and overall efficacy for visibility and reporting.
• Implement and automate compliance workflows by building integrations that support SOC 2, ISO 27001, PCI DSS, and privacy initiatives.
• Ensure evidence is collected automatically and control performance is continuously validated.
• Translate policies into technical solutions, and annually maintain policies to ensure they remain current with evolving business and regulatory needs.
• Evaluate risk posture and technical requirements for third-party vendors to ensure alignment with internal trust and security standards.
• Identify areas for AI tools and technologies to enhance GRC functions
• Engineer and maintain data protection controls—including encryption, logging, access management, data retention, and proper storage and segregation of PII.
• Conduct periodic user access reviews and implement least-privilege access controls and privileged access workflows.
• Detect and investigate insider risk indicators and anomalous access patterns.
• Secure by Design: Partner with product, engineering, and IT teams to embed compliance-by-design principles into new systems and business processes.