Who you are

• 5+ years implementing security controls and operations in a SaaS environment
• Hands-on with Google Cloud Platform (GCP) and Google Kubernetes Engine (GKE), and comfortable securing the CI/CD pipelines and GitHub Actions workflows that engineering teams actually ship through
• Real experience seeing a SOC 2 audit through to completion, not just participating in one
• Actively using AI tooling in your work today, with the judgment to help teams adopt it quickly and the instinct to know where it introduces risk
• Know your way around Infrastructure-as-Code and can spot a misconfiguration before it becomes a problem
• Understand how modern software gets built, including PR processes, and can work within them without slowing anyone down
• A strong communicator who can translate complex security tradeoffs clearly to engineers, executives, and everyone in between
• A creative problem solver who figures things out even when the resources, the team, or the playbook aren't there yet
• Proficient in Python or Go for security automation, with the ability to read and understand code, experience with PHP or Elixir is a significant advantage in our environment
• Deep familiarity with security technologies, including SIEM, and hands-on experience with Datadog for observability-driven security
• Solid grounding in application security, threat and risk assessments, and security risk management, with exposure to bug bounty programs as a plus
• We know you might not check every box, and that’s okay. If you’re excited about this role, inspired to contribute to a meaningful product, and eager to share ideas that drive real change, we’d love to hear from you

What the job involves

• Replace manual SOC 2 evidence collection with automated drift detection by building Security-as-Code directly into our GCP/GKE environment
• Partner with engineering squads to embed security into the Definition of Done, so it ships with the feature, not after
• Engineer and tune Datadog SIEM detections to cut noise, surface what matters, and route high-fidelity alerts straight to #secops
• Reduce PII exposure in real troubleshooting workflows by building masking and synthetic data tooling that developers actually want to use
• Own vulnerability management end-to-end, from identifying risks to implementing mitigations across the org
• Lead incident response when it counts and run tabletop exercises so the team is ready before it does
• Evaluate and onboard new security tooling by running POCs, gathering requirements, and making calls that move us forward without slowing teams down
• Assist with execution and deliverables pertaining to Information Security roadmap
• React promptly, decisively, and independently in high-stress situations

Benefits

• Equity in a Silicon Valley VC-backed startup 💰
• Competitive health benefits 🏥
• Generous & flexible vacation 🏝
• Unlimited snacks and a fully stocked fridge 🍎
• A culture that values authenticity, trust, and curiosity 🧠
• Apple equipment 💻
• Casual dress code 👖
• Our offices share neighborhoods with awesome restaurants! 🏙️️
• Exciting technical challenges and learning opportunities 👾
• Endless supply of Slack GIFs and dad jokes 👴🏻️️
• Free membership to our on-site gym (in Saskatoon)🏋