Key skills
Security OperationsCloud SecurityIdentity ManagementIncident ResponseSOC2 ComplianceSIEM ToolsEDR ToolsVulnerability ManagementScripting PythonScripting BashInfrastructure as CodeZero Trust PrinciplesDevSecOps PracticesAI Security InnovationsCustomer-Facing ExperienceRelevant CertificationsCommunication SkillsGrowth MindsetPythonBashAIMLAWSAzureGCPTerraformCloudFormationSSOSingle Sign-OnCI/CDZero Trust
About this role
FreeWill is an award-winning, social-good startup that has partnered with over 2,400 nonprofits to generate significant gift commitments. They are seeking a SecOps Engineer to enhance their security program and infrastructure, focusing on incident response, compliance, and security enhancement initiatives.
Responsibilities:
- Enhance our security monitoring and incident response processes across our cloud infrastructure
- Support our vulnerability management program and coordinate remediation efforts
- Optimize and maintain our existing security tooling (SIEM, EDR, cloud security platforms)
- Refine security runbooks and incident response procedures
- Support security investigations and forensics when needed
- Expand our Single Sign-On (SSO) implementation to additional systems
- Advance our Zero Trust architecture to the next level
- Evaluate and integrate AI-specific security controls into our existing framework
- Enhance automation of security processes and controls
- Continue modernizing our authentication and authorization systems
- Support the Director of Technology & Operations with our ongoing SOC2 compliance program
- Handle security questionnaires for enterprise customers
- Lead vendor security assessments for third-party integrations
- Provide technical security expertise on customer calls
- Collaborate with our security team during peak periods
- Maintain and update security policies and procedures
- Support strategic security initiatives as needed
Requirements:
- 5+ years in security operations, security engineering, or related roles
- Deep experience with cloud security (AWS/GCP/Azure)
- Hands-on experience with identity management and SSO systems
- Track record of managing security incidents from detection to resolution
- Experience with security compliance frameworks (SOC2, ISO 27001, etc.)
- Proficient with security tools: SIEM, EDR, vulnerability scanners, cloud security platforms
- Strong scripting abilities (Python, Bash, or similar)
- Experience with infrastructure as code (Terraform, CloudFormation)
- Understanding of DevSecOps practices and CI/CD security
- Knowledge of Zero Trust principles and implementation
- Operates with high autonomy while knowing when to escalate or collaborate
- Balances security requirements with business velocity
- Communicates complex security concepts clearly to non-technical stakeholders
- Thrives in ambiguity and can context-switch effectively
- Brings a growth mindset and stays current with emerging threats
- Experience with AI/ML security challenges
- Customer-facing experience with security reviews or audits
- Relevant certifications (CISSP, Security+, AWS Security, etc.)
- Experience at a high-growth startup
- Background in nonprofit or social impact technology