Security and Compliance Engineer

San Francisco
Engineering
Full-time
ABOUT ENVOY:

Envoy makes workplaces work better. With a focus on the details, we craft beautiful, modern software that elevates the workplace experience. Companies like Slack, Pinterest, Spotify, Nike, and American Express have worked with Envoy to welcome over 30 million visitors to more than 10,000 locations around the world. We are proudly backed by Andreessen Horowitz, Menlo Ventures, Initialized Capital, and many others.

Our mission is to challenge the status quo of workplace technology. This idea started at the front desk, where we set a new standard for visitor sign-in. Now, we’re looking around the office—to the mailroom, meeting rooms and beyond—and asking how can we make this better, too? We envision a world where technology is woven through our workplaces, all of it working together to make our time there delightful.

If this world sounds exciting, we’d love for you to help us build it.

ABOUT THE ROLE:

We are looking for someone to lead our security and compliance efforts across engineering and the organization at large.  Our customers trust us to protect their data, and to do so, we comply with many standards to put their minds at ease.  We need somebody to focus on maintaining our customers’ trust and expectations while steering engineering away from predicaments that could put our business (and theirs!) at risk.  It is important to be able to understand both the letter of the law and the spirit of the law to enable engineering to make the appropriate decisions so they can continue working at an efficient, productive pace, while simultaneously keeping our customers secure.

You Will

    • You will take on a Lead role on all things security and compliance.
    • You will maintain a risk and threat matrix, and develop mitigation and contingency plans.
    • You will coordinate with other departments across the company to plan, implement, and evaluate compliance and security activities.
    • You will nurture relationships with external security contributors, managing our bug bounty program, security audits, and penetration tests. 
    • You will work with all aspects of the organization to support their efforts as Envoy grows, including working with Sales and Success teams to help customers understand our stance and policies.
    • You find innovative solutions to complex problems.  Compliance is a field with a lot of nuances and controls.  We need to figure out how to address compliance concerns without hindering our rate of innovation.
    • You will take on an ownership stake in all of your work, as well as be accountable for the security and compliance related work of engineering overall. 
    • You will develop processes and procedures, and hold people accountable to them to help keep us and our customers safe.
    • You will lead security and compliance training for all Envoy employees.
    • You will participate in hiring as a technical interviewer.
    • You take initiative and pitch in. You jump into areas that need your help, you leave things better than you found them, and you actively contribute to your team’s and the engineering org’s priorities.

SKILLS AND EXPERIENCE:

    • You have a deep understanding of our current and aspiring Security and Compliance standards.
    • You can explain our security and compliance stance to others.
    • You have a good understanding of how your efforts will affect engineering and sales efforts, and know how to make those tradeoffs.
    • You are a systems thinker. You think about how security and compliance will affect other aspects of the services Envoy provides, and how it will evolve in the future.
    • You’re a skilled manager of the projects you lead or are a part of. You can organize and lead processes, ceremonies, and tools to do so (e.g. sprint planning sessions, standups, task tracking boards, risk plans).

Behaviors and Mindset

    • You evangelize and champion security and compliance in our work at Envoy. You believe that security and compliance are more than a series of checkboxes to check, and that everyone has a role to play. 
    • You are accountable not only for your own work, but for that of your teammates.
    • You are someone with extremely high standards. You’re practical and know perfect is the enemy of good, but you aspire for us to be great.
    • You are an owner. You feel personally accountable and responsible and know seeing the problem is less than half of it. You look for problems and inefficiencies and find elegant solutions to them before they become major issues.
    • You stay on top of risks. As our organization becomes commonplace around the world, the products and services we provide and data we store will be more and more valuable. It is your job to make things highly secure and compliant as appropriate.
    • You keep up to date on the latest security and compliance news. You keep an eye on CVEs, and see changes in the legal landscape coming, because you want to be ready for what’s around the corner.

If this kind of work sounds interesting, we'd love to hear from you! We're open to all backgrounds and we believe that great people can always find a place. People do their best work when they can be themselves, so we value uniqueness. We never discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status or disability status.