About the position
Virtru is a leading data protection provider backed by some of the foremost venture capital firms in Silicon Valley and the Mid-Atlantic region, including Iconiq Capital, Bessemer Venture Partners, Foundry Capital, and Tiger Global. Today, more than ever, data demands respect, and that’s why Virtru is committed to changing the rules for data privacy. At Virtru, we equip our customers to take granular control of their data—everywhere it’s shared—through end-to-end encryption for Google, Microsoft, and other data sharing platforms. Our market-leading portfolio of data encryption and privacy enhancing applications are remarkably easy to use, fast to implement, affordable for all, and built on the Trusted Data Format (TDF) open standard. At Virtru, our motto is "Respect the people. Respect the data." Respecting data to us means keeping it secure and protected at all times across its entire lifecycle. We firmly believe that when you respect data, you’re demonstrating respect for the people who own that data. Working at Virtru, you'll be inspired by colleagues who are passionate about the work they do. We are dedicated to creating an atmosphere that sparks creativity, connection, and professional growth while empowering each other to do our best work. We're building something special at Virtru. We hope you consider joining our team and helping us create a brighter future for data privacy.
Responsibilities
- Lead security compliance initiatives and automation of control validation across our cloud environments using Infrastructure as Code (Terraform, Ansible)
- Build security automation for CI/CD pipelines, including vulnerability scanning and compliance validation
- Conduct regular security reviews and risk assessments of cloud infrastructure and applications
- Collaborate with development and operations teams to implement security controls without impeding velocity
- Develop and maintain security monitoring solutions and respond to security events
- Create and maintain security documentation, training, and guidelines for engineering teams
Requirements
- Demonstrated experience implementing security controls in GCP and/or AWS environments
- Deep understanding of cloud security architecture and best practices, including container and Kubernetes networking security
- Proficiency in security automation using Terraform and/or Ansible, and languages like Go, Python, or Node.js
- Strong knowledge of common compliance frameworks and how to implement technical controls to meet requirements
- Experience with infrastructure scanning tools and security monitoring solutions (ie CNAP, SIEM, CSPM, CWPP)
- Strong incident response skills, security troubleshooting experience and comfortable being On Call
- Clear and effective communication skills, with the ability to articulate security concepts to both technical and non-technical audiences
- A passion for continuously improving security posture and staying current with emerging threats
- Comfortable participating in annual assessments, security control reviews, and audits
Nice-to-haves
- Security certifications (CISSP, CCSP, AWS/GCP security certifications)
- Experience implementing security controls for SOC 2, PCI, HIPAA, or FedRAMP compliance
- Knowledge of threat modeling and secure architecture design
- Experience with security tools like Prismacloud, Wiz, Sysdig, or Aqua Security
- Familiarity with service mesh security (Istio)
- Background in DevSecOps practices and tooling
- Experience with security event monitoring and SIEM solutions
- Public cloud marketplace security validation experience
- Multicloud security controls implementation
