Senior Information Security Engineer
Company: ComplySci
Location: Washington
Posted on: July 5, 2025
Job Description:
COMPLY is the leading global provider of comprehensive regulatory compliance software and solutions for the financial services sector. Our OneCOMPLY™ platform provides an all-in-one approach to address firm and employee compliance requirements through a configurable and scalable software-as-a-service (SaaS) platform coupled with expert consulting services. COMPLY serves thousands of financial services clients, including Broker Dealers, Investment Banks, Private Funds, RIAs, and Wealth Managers, who rely on COMPLY to power their compliance programs.

COMPLY is seeking a Senior Information Security Engineer with 7–10 years of combined IT and cybersecurity experience to help protect our organization’s systems and data. The ideal candidate has hands-on experience securing modern IT, networking, and cloud infrastructure and implementing controls aligned with frameworks such as SOC 2 and ISO 27001 and with regulatory and privacy requirements (e.g., GDPR, CCPA, EU DORA). They are skilled in vulnerability management, SIEM administration, incident response, continuous security monitoring, and supporting audit compliance activities. This role will be pivotal in strengthening our security posture and ensuring compliance with industry standards. The individual must be solutions-oriented and a self-starter who can work autonomously in a fully remote environment.

Responsibilities:
- Design, implement, and maintain security controls and policies to ensure compliance with SOC 2 and ISO 27001 standards. Develop and update security procedures, access controls, and monitoring mechanisms in line with these frameworks’ requirements for delegation.
- Lead the organization’s vulnerability management program, including regular vulnerability scanning, assessment, and remediation efforts with Rapid7 InsightVM. Track and report on vulnerability status and trends monthly and drive continuous improvement in reducing risk exposure.
- Manage, configure, tune, optimize, and develop reports using the company’s Security Information and Event Management (SIEM) system, Rapid7 InsightIDR. Investigate suspected security events and ensure that threats are detected, analyzed, and escalated in a timely manner. Coordinate with Infrastructure Operations and our 24/7/365 SOC vendor to resolve security incidents.
- Deploy and maintain detection tools such as SentinelOne, Defender for Cloud/Endpoint, AWS GuardDuty, AlertLogic WAF, and cloud security monitoring that provide real-time visibility into security events. Establish processes to review logs and alerts, watch for anomalous behavior or indicators of compromise, and take proactive action when issues arise.
- Manage and administer the organization’s email spam filter, Mimecast, including developing email filters and executing quarterly phishing exercises.
- Coordinate with external auditors to support security audits, assessments, and certifications such as SOC 1, SOC 2, and ISO 27001. Gather evidence of control effectiveness, maintain documentation (policies, procedures, risk assessments, etc.), and remediate any findings or non-conformities identified during audits. Pursue methods to automate artifact collection for annual audits.
- Lead routine internal audits to ensure ongoing compliance with security policies and standards, and drive improvements based on observations.
- Develop and refine security policies, standards, exercises, and guidelines in collaboration with the CTO senior leadership team. Ensure that policies address compliance requirements (e.g., access management, data protection, incident response) and are updated regularly.
- Contribute to security awareness training efforts and phishing exercises, and educate employees on cybersecurity best practices.
- As a senior member of the security team, be prepared to lead incident response activities and determine root cause and impact to COMPLY. Tune security tools for better incident detection and participate in post-incident reviews to implement lessons learned.
- Collaborate with Infrastructure, Product, and Engineering teams to ensure security is embedded in development, IT infrastructure, and new projects. Advise and assist in implementing system configurations, conducting security design reviews, and recommending enhancements to meet security best practices in cloud-based environments (AWS, Azure).
- Support due diligence requests from customers, including responding to questionnaires, engaging with customers via phone or email on an as-needed basis, supporting assessments, and building/maintaining COMPLY’s Trust Center.

Qualifications:
- 7–10 years of combined experience in IT and cybersecurity.
- Bachelor’s degree from an accredited institution in Computer Science, Information Security, Information Technology, or a related field.
- At least one industry certification, with CISSP, CCSP, CASP, CISM, or GIAC certifications being highly preferred.
- Experience supporting security for a B2B SaaS enterprise offering services to a regulated industry (e.g., Finance, Healthcare, Government) is preferred.
- Proactive and self-driven individual with the ability to work independently in a remote setting.
- Excellent collaboration and communication skills with cross-functional and international teams.
- Knowledge of SOC 2, ISO 27001, or similar standards and experience aligning security programs with these or similar frameworks.
- Hands-on experience managing vulnerability management, EDR, and SIEM systems, with preference for Rapid7, SentinelOne, and Microsoft Defender.
- Demonstrated proficiency with security in cloud and enterprise environments (AWS, Microsoft 365, Azure).
- Experience developing continuous monitoring processes, detection systems, and incident response best practices.

$125,000 - $140,000 a year

The compensation range for this role is specific to the United States. It takes into account a wide range of factors that are considered in making compensation decisions, including, but not limited to, skill sets, training, licensure and certification, and experience. A reasonable estimate of the base salary range for this role would be $125,000 - $140,000 plus applicable bonus/benefits offerings, etc., as those similarly situated within the Company.

COMPLY is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, disability, sex, sexual orientation, gender identity, or national origin. Nothing in this job posting should be construed as an offer or guarantee of employment.

The company offers a wide range of perks including:
- Comprehensive medical, dental and vision insurance at little to no cost starting on day one
- 401k with a company match
- Supplemental benefits at a discounted rate including home, auto and pet insurance
- Unlimited PTO
- Professional Development reimbursements
- Remote opportunities available for most positions
- Time to get together in person for company happy hours, team offsites and more

Applicants must be authorized to work for any employer in the United States. Currently, we are unable to sponsor or take over sponsorship of an employment visa.

COMPLY is aware of scammers posing as COMPLY employees and extending job offers via direct messaging, texts and social media platforms. These are fraudulent and should be treated as such. To learn more about this, please review our Statement of Fraudulent Job Offers.