The Role

You will serve as a technical security consultant embedded across multiple client engagements. You will independently lead workstreams, not assist on them. This is not a role where someone hands you a checklist. You will be the person who builds the checklist.

Our engagements span cloud security architecture, corporate IT security program management, and technical compliance implementation.

What You Will Do

  • Lead technical security assessments: cloud configuration reviews, vulnerability assessments, security architecture reviews across AWS, GCP, and Azure environments
  • Implement and manage security tooling: deploy and configure EDR, SIEM, CSPM, MDM, IAM, and SSO solutions in client environments. Own the outcome, not just the ticket
  • Run corporate IT security programs: manage endpoint fleets, administer identity providers (Okta, Google Workspace, Azure AD), enforce device compliance policies, handle onboarding/offboarding security workflows, and maintain the day-to-day security posture of client organizations
  • Design security programs: build security roadmaps, develop security architectures, and advise clients on technical control implementation for compliance frameworks (SOC 2, ISO 27001, HIPAA)
  • Own client relationships: run your own workstreams, lead client meetings, provide weekly status updates, and manage expectations directly with client stakeholders
  • Produce executive-quality deliverables: assessment reports, security roadmaps, architecture documentation, and remediation plans ready for client leadership without heavy editing
  • Manage security questionnaires: coordinate with SMEs, ensure quality of submissions, and contribute to client knowledge bases

What We Require

  • 5-7 years of hands-on experience in cybersecurity. Actual technical security delivery
  • Prior consulting or professional services experience is mandatory. You must have managed multiple clients, scoped your own work, and communicated directly with stakeholders

  • Deep expertise in at least two of the following:
      • Cloud security (AWS and/or GCP: IAM, networking, security services, configuration hardening)
      • Corporate IT security (endpoint management, MDM, identity providers like Okta/Azure AD/Google Workspace, SSO/SCIM, device compliance)
      • Endpoint and detection (EDR, SIEM, vulnerability management, incident response)
      • Application security (secure SDLC, code review, CI/CD pipeline security)
  • Working knowledge of compliance frameworks: you must understand what SOC 2 Type II and ISO 27001 require technically and be able to implement controls, not just document them
  • Strong technical writing skills: SOPs, assessment reports, architecture documents. If your writing needs significant editing, this isn't the right fit
  • Professional-level English: written and verbal. You will be on client calls with US-based engineering and leadership teams daily

What Sets You Apart

  • You've led engagements, not just participated in them
  • You can walk into a client's AWS environment and within a day tell them what's wrong and what to fix
  • You've managed a corporate IT security program (endpoint fleet, identity provider, device compliance), not just audited one
  • You've taken a security program from roadmap to operational
  • You have certifications like CISSP, OSCP, AWS Security Specialty, or equivalent (not required, but signals depth)

How to Apply

Send an introduction and resume to:

In your introduction, tell us:

  1. Which client engagements from your past are you most proud of, and why?
  2. What is your strongest technical security domain?
  3. What is your experience with compliance frameworks (SOC 2, ISO 27001, etc.)?

We don't need a cover letter. We need to understand how you think and what you've actually done.