Senior Security Engineer

The Role

You will be UserGems' single dedicated security person, taking over the operational majority of the security work the Sr. Director currently owns. This is a compliance-led role with hands-on operational components - heavy on SOC 2 / ISO ownership, customer security reviews, day-to-day program operations, and Drata-driven remediation in AWS. Compliance is the primary focus and over time you'll own the full technical scope described below as well. The Sr. Director approves direction; you propose, shape, and execute the program.

You'll thrive here if you:

• Lean strongly into compliance/GRC operations - with enough hands-on AWS comfort to action Drata-flagged remediations independently.
• Want to own operations end-to-end and influence direction - you propose, the Sr. Director approves, you ship.
• Like a startup environment where priorities are clear, ownership is real, and you ship and move on.

What You'll Do

• Own SOC 2 - keep Drata green and audits clean.
• Lead ISO 27001 implementation, then ISO 42001.
• Run the customer security questionnaire process (SafeBase + Trust Center) - fast turnaround directly unblocks revenue.
• Drata-driven AWS remediation. Action simple Drata findings directly in AWS yourself - IAM tweaks, S3 settings, secrets hygiene, audit-trail follow-ups.