Security Engineer

As a Security Engineer you'll play a key role in safeguarding Overstory's systems and ensuring trust with our partners and customers. Together with our Director of Information Security and Compliance you will maintain our compliance platform, strengthen our vulnerability management process, support end-users with IT needs, and help us prepare for audits and security reviews.

This role is ideal for someone early in their security career who's eager to grow into a broader role spanning security, compliance, and IT.

• Maintain and improve Overstory's compliance platform in its support of SOC 2, ISO27001 and other frameworks.
• Monitor and track vulnerabilities across infrastructure and applications, coordinating with and assisting engineering teams for timely remediation.
• Provide limited IT support for onboarding, offboarding, access management, and endpoint security.
• Conduct vendor security reviews to manage third-party risk.
• Support SOC 2 and ISO27001 audit compliance, including evidence gathering and control monitoring.
• Assist with customer security questionnaires and maintain a knowledge base of standard responses.

• You bring 2+years of experience in IT support, security engineering, or compliance.
• You have knowledge of (or strong interest in learning) security frameworks like SOC 2 or ISO 27001.
• You are familiar with vulnerability management tools and processes.
• You've had hands-on experience troubleshooting IT issues (macOS, Windows, SaaS tools, identity management).
• You have strong written communication skills and attention to detail.
• You are proactive, curious, and eager to learn.
• You thrive in a collaborative remote environment and enjoy working across teams.