
Lead Security Engineer at Jump

Location Information: Anywhere in the World
Headquarters: Salt Lake City, UT
URL: https://jumpapp.com/

About you

- You love security. It’s what you are all about and you are very very good at it.
- You are very motivated and proactive and can get a lot done every day.
- You love coding and are excited to learn Elixir. You really want to find and fix security vulnerabilities in an Elixir/Phoenix codebase.
- You are very pleasant to work with and people feel better about themselves after interacting with you.

What you’ll do

- Provide guidance, training, and tools to developers on secure coding principles, common vulnerabilities, and secure design patterns.
- Analyze, fix, and test vulnerabilities.
- Do code reviews, audit and analyze source code for vulnerabilities.
- Monitor the security industry for new developments.
- Evaluate, recommend, and implement security tools and technologies to improve our application security posture.
- Conduct threat modeling exercises for new and existing applications and systems.
- Ensure systems and processes adhere to relevant security standards, regulations (e.g., ISO 27001, SOC 2, GDPR, HIPAA), and internal policies.
- Implement and manage security controls for cloud environments (e.g., AWS, GCP), including identity and access management (IAM), network security, and data protection.
- Maintain comprehensive documentation for security processes, tools, and configurations.

What success looks like after 12 months

- Major vulnerabilities are found.
- SOC 2 Type II report continues to be delivered with zero high‐risk exceptions.
- Mean‐time‐to‐detect (MTTD) < 15 min and mean‐time‐to‐resolve (MTTR) < 2 hrs for priority‐1 security events.
- ≥ 90 % of employees complete annual security training and phishing tests.
- Security is a documented, automated part of CI/CD (build fails on critical vulns).
- Our largest enterprise customers cite security as a strength in renewals.

You might be a fit if you

- Have 5+ years hands‐on security engineering in cloud‐native (AWS/GCP/Azure) product environments.
- Can demonstrate end‐to‐end ownership of at least one compliance framework (SOC 2, ISO 27001, HIPAA, PCI DSS, etc.).
- Are fluent in modern DevSecOps tooling (Terraform, Kubernetes, GitHub Actions, OIDC/OAuth).
- Write code well enough to build internal tooling or fix a critical bug (we use Elixir & Terraform).
- Communicate complex risks in plain language to engineers, execs, and customers.
- Are comfortable being a “team of one” at first and progressively hiring/mentoring teammates.

Nice‐to‐haves: experience with multi‐tenant data isolation, SAML/SCIM integrations, or selling to regulated industries (FinTech, HealthTech, GovTech).

Compensation & benefits

- Base salary: $170 k – $260 k USD
- Benefits: Health/dental/vision, 401k (no match yet)
- Time‐off: Flexible PTO with manager approval
- Gear: Top‐spec laptop, stipend for home office/security hardware

Hiring process (2–3 weeks total)

- Homework assignment — Takes about 1hr
- Intro call (30 min) — with CTO.
- Paid Trial week — Come work with us for a week and see how you like it
- Team member intros & Reference checks
- Offer

Other info:

- We buy the subscriptions you need (Cursor.ai, ChatGPT, etc)
- We’re a small and efficient dev team
- We’re growing gangbusters. All revenue-backed, super low churn.
- Raised a $20M Series-A a few months ago
- HQ based in SLC, Utah
- Remote friendly, must be based in the USA

To apply: https://weworkremotely.com/remote-jobs/jump-lead-security-engineer