Note: The job is a remote job and is open to candidates in USA. Overstory is a company focused on addressing the climate crisis through innovative technology that enhances the electrical grid's resilience. As a Senior Security Engineer, you will be responsible for safeguarding Overstory’s systems and data, leading security initiatives, and partnering with various teams to implement and improve security practices.
Responsibilities
- Own and evolve Overstory’s compliance program, ensuring ongoing alignment with SOC 2, ISO 27001, and other relevant frameworks
- Drive vulnerability management end-to-end, from detection to remediation, working closely with engineering teams to prioritize and resolve risks efficiently
- Design and improve security processes and controls across infrastructure, applications, and internal systems
- Lead security input in architecture and engineering decisions, helping teams build secure-by-design systems
- Oversee and improve identity and access management, endpoint security, and core IT security practices
- Own vendor security and third-party risk management, including assessments, risk evaluation, and mitigation strategies
- Lead audit readiness and execution for SOC 2 and ISO 27001, including control design, evidence collection, and auditor coordination
- Partner with customer-facing teams to handle security questionnaires and build scalable, high-quality response processes
- Contribute to security awareness and culture, mentoring others and raising the security bar across the organization
Skills
- 5+ years of experience in security engineering, security operations, or a related field
- Direct experience with security and compliance frameworks such as SOC 2 and/or ISO 27001, including audit processes
- Deep experience with vulnerability management, including tooling, prioritization, and remediation workflows
- Fluency working across cloud environments (AWS, GCP, or Azure) and modern SaaS ecosystems
- Experience with identity and access management, endpoint security, and IT/security operations
- Demonstrated ability to translate security risks into clear, actionable guidance for technical and non-technical stakeholders
- Demonstrable experience (or at a minimum a serious interest in) leveraging AI tooling to accelerate business impact
- Strong written communication skills and are comfortable owning documentation and audit artifacts
- Demonstrable proactive, pragmatic mindset as well as capacity for balancing security best practices with business needs
- Experience working cross-functionally influencing without authority in a remote-first environment
- Experience designing or improving SIEM, logging, and alerting pipelines
- Familiarity with compliance automation platforms (Drata, Vanta, Tugboat, etc.)
- Experience leading or owning SOC 2 / ISO 27001 audits
- Background in application or cloud security engineering
- Experience mentoring or guiding more junior team members
Benefits
- Competitive, location-specific compensation and benefits
- Flexible, autonomous and collaborative working environment rooted in trust - we build our work days around our lives, not the other way around
- Home office stipend, coworking and ongoing education budgets
- A company culture that genuinely embodies each of our core values
- To be part of truly mission-driven work that reduces wildfires, protects earth’s natural resources and helps solve our climate crisis
- We gather once a year in-person for our unforgettable team gathering event
- We also offer the option to occasionally meet up for in-person collaboration
Company Overview