Senior Security Engineer

The Role

We’re seeking a Senior Security Engineer to drive security engineering and compliance initiatives across our app. In this role, you'll partner with engineering teams to design, implement, and automate security controls that meet rigorous compliance standards (SOC 2, GDPR, and CCPA). You’ll own security architecture decisions, vulnerability management, and lead efforts to ensure that we stay ahead of evolving threats.

If you're passionate about scalable security engineering, proactive compliance, and empowering developers to ship secure products, we want to hear from you.

Location: Candidates must permanently and currently reside in the United States. Employees are not required to work in the office or relocate to Lincoln, Nebraska, for this opportunity, but occasional travel to HQ will be required.

Working At CompanyCam

Our engineering team is remote-first, spanning every time zone in the United States. We welcome people from all backgrounds and really don't care whether or not you have a CS degree or even a high school diploma. All that matters is that you're not an a**hole and you're good at what you do.

At CompanyCam we’re driven to produce work with meaningful outcomes. That means not just dumping features and “improvements” but being able to reflect and learn from our outputs. We’re actively working to center our work on continuous discovery habits (CDH) as outlined by Teresa Torres.

Okay, that’s how we identify work to do, but how do we actually work? We take a flexible approach, pulling from Agile, Sprints, Kanban, and even Shape Up. Rather than being overly prescriptive, we provide guardrails and just enough constraints to keep teams moving. Each team is expected to collaborate, iterate, and refine their best practices to produce high-quality work.

Our teams are made up of a product manager, a product designer, a QA engineer, a senior developer and an appropriate number of engineers for the scope of your team. We also believe in intentional downtime. After delivering projects, we carve out explicit time for teams to recoup, explore self-directed work, and focus on what matters to them—whether that’s learning new skills, tackling pet projects, or finally fixing that bug that’s been nagging you.

We protect our engineers' time, treat them like adults, and trust them to get their work done. We’re also big on not overworking people. Put in your eight hours of focused, quality work and then TURN. SLACK. OFF. No nights and weekends.

What You’ll Do

• Create or contribute to tooling that supports secure code delivery and infrastructure as code validation
• Design and enforce access control mechanisms aligned with least privilege and segregation of duties across infrastructure, applications, and data layers
• Provide guidance on security best practices for product, platform, and infrastructure teams to align development with compliance requirements
• Partner with product and engineering to ensure appropriate handling of sensitive data, including encryption, retention, and secure deletion policies
• Build automated playbooks for security incident response and partner with teams on real-world incident handling
• Conduct proactive threat detection and response activities, including investigation and forensics as needed
• Maintain visibility into third-party and supply chain risks through vendor assessments and open source review
• Report on vulnerability trends and remediation metrics across environments
• Lead compliance-related training initiatives, ensuring teams understand security policies and regulatory requirements
• Contribute to security education for engineers through documentation, secure development guidance and internal training.

What You’ll Bring

• 5+ years of hands-on experience in a security engineering or infrastructure security role
• Strong experience with cloud-native platforms (AWS preferred)
• Hands-on with CI/CD, infrastructure as code, and security automation
• Familiarity with compliance frameworks (SOC 2, ISO 27001) and data privacy regulations (GDPR, CCPA)
• Experience with pen testing, red teaming, or offensive security methods
• Proficiency in web application security (preferably Ruby on Rails, Django, or Express)
• Scripting in Ruby and Bash preferred
• Ability to balance security risks with product and engineering goals
• Clear, confident communication across both technical and non-technical teams
• Comfortable navigating ambiguity and working in fast-moving environments
• A continuous growth-mindset, with a focus on learning, embracing challenges, and continuously improving.
• A knack for creativity and innovation, bringing fresh ideas to the table and solving complex problems.

Benefits & Compensation

This is a salaried position at CompanyCam. Our starting salary is $130,000 - $170,000 per year and is based on experience. We also offer meaningful equity and other benefits.

We pride ourselves on celebrating everyone. CompanyCam is an equal-opportunity employer actively working on creating an inclusive work environment where everyone can thrive. Are you reading this and wondering if you meet every requirement? Studies show that workplace minorities, such as women and people of color, are less likely than other applicants to apply for a job when they don’t meet every single requirement. Even if your experience doesn’t perfectly align, we encourage you to apply. We’re interested in hiring passionate, hard-working people—not checking boxes.

For any accommodations or adjustments to complete the online application or to participate in the interview process, please email [email protected] and we’ll respond to your email promptly. Do not include any medical or health information in your email.