Security Compliance Engineer
About this role
Hello there! Infrrd here.
Haven't heard of us before? No problem. First off, it's pronounced In-fur-d.
Infrrd is a leading AI-powered Intelligent Document Processing (IDP) company that helps enterprises automate complex document-centric processes using proprietary machine learning and computer vision models. Our platform enables global enterprises to unlock valuable insights from unstructured data at scale, driving efficiency, compliance, and better decision-making.
And now, we are on the lookout for a Security Compliance Engineer.
As a Security Compliance Engineer at Infrrd, you will own information security end-to-end: both the governance/compliance side (ISO 27001, SOC 2, GDPR, HIPAA and mortgage-industry data protection requirements) and the hands-on technical side (hardening our AWS infrastructure, databases, and application APIs). You will work across Engineering, IT, Product, Legal, and Customer Success to strengthen our security posture, drive compliance initiatives, and support customers with their security and governance requirements.
Key Responsibilities:
Hands-On Technical Security Implementation:
●Design, configure, and harden AWS security controls: IAM least-privilege policies, VPC/network segmentation, security groups, KMS encryption, GuardDuty, Security Hub, CloudTrail, AWS Config, WAF, and Secrets Manager.
●Assess and remediate database security across our environments (e.g. RDS/PostgreSQL, MongoDB, DynamoDB): encryption at rest and in transit, least-privilege access, credential rotation, audit logging, and backup/DR testing.
●Review and harden application API security: authentication/authorization (OAuth2/JWT), input validation, rate limiting, API gateway configuration, and remediation of OWASP API Security Top 10 risks.
●Partner directly with Engineering on architecture and code-level security reviews, not just governance sign-off.
●Own the vulnerability management and penetration testing program: schedule scans/tests, triage findings, and personally verify that fixes are correctly implemented.
●Evaluate and roll out security tooling as needed (SIEM/log monitoring, cloud security posture management, IaC scanning such as Checkov/tfsec, SAST/DAST).
Governance, Risk & Compliance:
●Lead and manage compliance initiatives across ISO 27001, SOC 2, GDPR, HIPAA, and other applicable frameworks, including those specific to mortgage/financial-services customers (e.g., GLBA).
●Own and coordinate internal and external security audits, certification processes, and compliance assessments.
●Develop, maintain, and continuously improve security policies, procedures, and documentation, and verify they are actually being followed, not just published.
●Conduct periodic risk assessments and drive remediation to closure with the owning teams.
●Manage customer security questionnaires, due diligence requests, and compliance documentation during sales and customer onboarding.
●Monitor adherence to internal security policies and recommend improvements to the organization's security posture.
●Collaborate with vendors and third parties to perform security and compliance assessments.
●Stay current on evolving cybersecurity regulations, compliance requirements, and industry best practices.
●Drive security awareness initiatives and promote a culture of security across the organization.
Qualifications:
●6–12 years of experience in Information Security, spanning both Governance, Risk & Compliance (GRC) and hands-on security engineering. Candidates with compliance/audit experience only will not be a fit for this role.
●Demonstrable, hands-on experience personally implementing and configuring security controls in a cloud environment (AWS strongly preferred): IAM, network security, encryption/KMS, logging and monitoring.
●Practical experience securing databases and APIs in a production SaaS environment.
●Strong understanding of security frameworks such as ISO 27001, SOC 2, NIST, GDPR, HIPAA, and mortgage/financial-services compliance requirements (e.g., GLBA).
●Experience managing security audits, compliance programs, and risk assessments.
●Familiarity with vulnerability scanning and penetration testing, either hands-on or in direct coordination with testers, including remediation verification.
●Excellent communication and stakeholder management skills, able to work across technical and business teams.
●Strong analytical, documentation, and project management skills.
●Bachelor’s degree in Information Security, Computer Science, Information Technology, Engineering, or a related field.
●Certifications that signal hands-on capability are a strong plus: AWS Certified Security – Specialty, OSCP, CCSP, in addition to governance certifications such as CISSP, CISA, CISM, CRISC, or ISO 27001 Lead Auditor/Lead Implementer.
Why Join Infrrd:
●Be part of a fast-growing AI company that's transforming how global enterprises extract value from documents.
●Own security end-to-end: policy and implementation, rather than just one half of the job.
●Work alongside passionate engineers, AI experts, and business leaders to solve complex security and compliance challenges.
●Enjoy a culture of ownership, transparency, and continuous learning.
●Competitive compensation, flexible work options, and opportunities for career growth.
