Security and Compliance Engineer - Remote

Overview

As an email service provider, compliance is as critical as uptime. We take a different approach than the rest of the industry, and we need someone to help us scale this approach to millions of senders.

Along with compliance of our email infrastructure, we also need to maintain and expand our security posture and achieve new certifications like ISO 27001 and HIPAA.

Penetration tests and application security are not part of this role. Rather, this role is focused on anti-spam, anti-phishing, and threat detection.

In Short

• Design and build the anti abuse infrastructure
• Migrate from our existing rule engine provider
• Uncover novel threat patterns using data and automation
• Respond to threats and help triage, resolve, or escalate
• Maintain our SOC 2 and GDPR compliance
• Achieve ISO 27001 and HIPAA certifications
• Help Success build onboarding plans for large senders
• Consult product team on email compliance best practices

Requirements

• Have 5 years of experience with email compliance
• Implemented an anti-abuse system end-to-end
• Maintained SOC 2, GDPR, ISO 27001, and HIPAA certifications
• Have experience with Node.js, React, and AWS technologies
• Have helped clients improve their email sending practices

Benefits

• Honest and low-ego team
• Autonomy to "just ship it"
• Ownership of problems and solutions
• 100% remote team with flexible working schedules
• Modern tech stack (Next.js, Vercel, AWS, Raycast, Retool, Notion, etc.)