Later is the world’s most intelligent influencer marketing company, built to give brands the confidence to create unforgettable campaigns. They are seeking a Senior Security Engineer to enhance the company's security posture through engineering and collaboration, focusing on application security, cloud security, and compliance.
Responsibilities:
- Assess and continuously improve Later's overall security posture across applications, infrastructure, cloud environments, corporate systems, vendor tooling, and business workflows
- Define and implement scalable security standards, best practices, and guardrails that support SOC 2 readiness through practical, automated, and auditable solutions
- Partner with Engineering, Infrastructure, IT, Product, Legal, People, Finance, and business leaders to align security priorities with company goals, risk reduction, and delivery timelines
- Translate SOC 2 and related compliance requirements into sustainable technical and operational controls, procedures, and evidence collection practices
- Identify security gaps across the company, prioritize remediation efforts, and help teams make pragmatic, risk-based decisions
- Support company-wide security awareness, secure operating practices, and adoption of security controls across business teams
- Build and maintain internal security tools, automation, and services that support secure development, compliance workflows, vulnerability management, corporate security operations, and operational visibility
- Design and implement security controls within CI/CD pipelines, including secure build and deploy patterns, security scanning, dependency management, container scanning, and secret management
- Support application security efforts, including secure design reviews, threat modeling, code review guidance, API security, microservices security patterns, and remediation planning
- Improve cloud infrastructure and corporate systems security through hardening, monitoring, configuration review, Infrastructure-as-Code security scanning, access reviews, and secure operational patterns
- Collaborate with technical and business teams to identify vulnerabilities and control gaps, explain impact clearly, and drive effective remediation
- Strengthen security observability and response readiness through logging, alerting, detection engineering, incident response improvements, and company-wide security process maturity
- Partner with teams across the company to identify, understand, and fix security issues in a collaborative, non-blocking way
- Provide pragmatic security guidance on designs, implementations, vendor tools, operational practices, and business workflows
- Communicate security risks, tradeoffs, and recommendations clearly across technical and non-technical audiences
- Embed security into development workflows, corporate systems, and company operating practices without slowing teams unnecessarily
- Support SOC 2 and related compliance efforts through automation, well-defined controls, reliable evidence practices, and cross-functional coordination
Requirements:
- 5-7+ years of experience as a Security Engineer or Software Engineer with a strong security focus
- Proven ability to build and operate production-quality software, automation, and internal tooling
- Strong understanding of application security, infrastructure security, cloud security, secure CI/CD practices, and corporate security controls
- Hands-on experience with vulnerability management, secure software development, threat modeling, remediation workflows, and operational security improvements
- Experience with security frameworks and standards such as OWASP, NIST, CIS Controls, SOC 2, and ISO 27001, and the ability to apply them in production and business environments
- Experience supporting SOC 2 compliance efforts through practical, automated, and auditable controls
- Familiarity with cloud security platforms such as AWS Security Hub, Azure Security Center, or GCP Security Command Center
- Experience with SIEM/SOAR tools, logging and monitoring platforms, detection workflows, and practical incident response processes
- Experience with Infrastructure-as-Code security scanning for tools such as Terraform or CloudFormation
- Ability to translate complex security concepts into clear, actionable guidance for technical and non-technical audiences
- Experience collaborating closely with engineering, IT, compliance, and business teams to improve security outcomes
- Familiarity with C#, modern backend systems, cloud-native architecture, and SaaS business tooling