Own and evolve Overstory’s compliance program, ensuring ongoing alignment with SOC 2, ISO 27001, and other relevant frameworks
Drive vulnerability management end-to-end, from detection to remediation, working closely with engineering teams to prioritize and resolve risks efficiently
Design and improve security processes and controls across infrastructure, applications, and internal systems
Lead security input in architecture and engineering decisions, helping teams build secure-by-design systems
Oversee and improve identity and access management, endpoint security, and core IT security practices
Own vendor security and third-party risk management, including assessments, risk evaluation, and mitigation strategies
Lead audit readiness and execution for SOC 2 and ISO 27001, including control design, evidence collection, and auditor coordination
Partner with customer-facing teams to handle security questionnaires and build scalable, high-quality response processes
Contribute to security awareness and culture, mentoring others and raising the security bar across the organization
Requirements
5+ years of experience in security engineering, security operations, or a related field
Direct experience with security and compliance frameworks such as SOC 2 and/or ISO 27001, including audit processes
Deep experience with vulnerability management, including tooling, prioritization, and remediation workflows
Fluency working across cloud environments (AWS, GCP, or Azure) and modern SaaS ecosystems
Experience with identity and access management, endpoint security, and IT/security operations
Demonstrated ability to translate security risks into clear, actionable guidance for technical and non-technical stakeholders
Demonstrable experience in (or, at a minimum, a serious interest in) leveraging AI tooling to accelerate business impact
Strong written communication skills and comfort owning documentation and audit artifacts
A demonstrably proactive, pragmatic mindset and the capacity to balance security best practices with business needs
Experience working cross-functionally and influencing without authority in a remote-first environment
Tech Stack
AWS
Azure
Cloud
Google Cloud Platform
Benefits
Competitive, location-specific compensation and benefits
Flexible, autonomous and collaborative working environment rooted in trust
We build our work days around our lives, not the other way around
Home office stipend, coworking and ongoing education budgets
A company culture that genuinely embodies each of our core values
To be part of truly mission-driven work that reduces wildfires, protects Earth’s natural resources and helps solve our climate crisis