SecOps Engineer
Yardstik
Minneapolis, MN, USA
USD 120k-165k / year
Job Description
| Department: | Technology Organization |
| Reports To: | Head of Security & Infrastructure |
| Location: | Minneapolis, MN |
About Yardstik
Yardstik is a start-up software company with a mission of building trust and safety into the Internet Economy. The world of background screening, certification, and training has lacked innovation, and we’re here to change that for our customers. Our enterprise-class technology allows us to provide a right-fit solution for our customers that is realistic for any platform, in any industry. Join us in our efforts to protect organizations and their people.
We are honored to have recently been named an MSPBJ Best Place to Work for the fifth year in a row. Come be part of our amazing culture and join an environment where you can see and feel the impact of your work every day.
About the Role
We are adding a SecOps Engineer to own and advance the security posture of our platform and infrastructure. You will work alongside engineering and operations teams to identify, mitigate, and prevent security risks across our cloud environment, applications, and data systems.
In this role you will be expected to be in office 2-3 days a week.
This position sits within our Infrastructure & Security team. Your primary focus will be protecting Yardstik’s systems, data, and customers through hands-on security engineering, cloud hardening, threat detection, incident response, and compliance enablement while maintaining the operational reliability our platform depends on.
You are the right candidate if you are an experienced engineer who thinks security-first, is comfortable operating cloud infrastructure at scale, and wants to be the person the team turns to when something needs to be locked down, investigated, or hardened.
This is a unique opportunity to join the company at an early stage and we are looking for someone who wants to evolve with us.
This role is not eligible for visa sponsorship.
Essential Accountabilities
- Own Yardstik's security posture across cloud infrastructure and applications
- Detect, investigate, and respond to security incidents
- Harden cloud environments through least-privilege IAM, network segmentation, etc.
- Manage vulnerability scanners, SIEM, endpoint protection, and intrusion detection tools
- Conduct threat modeling, vulnerability assessments, and penetration testing
What’s Expected of You
- Serve as a security SME for the Technology organization, advising engineering teams on secure architecture, configurations, and operational practices
- Manage and harden AWS cloud infrastructure using Terraform and IaC, with a focus on security controls, audit logging, and compliance
- Build and maintain security monitoring, alerting, and detection pipelines using SIEM tools, log aggregation, and anomaly detection
- Perform vulnerability management: scanning, triaging, prioritizing, tracking remediation, and validating fixes
- Design and enforce network security controls including VPCs, security groups, WAF rules, and DDoS mitigation strategies
- Automate security workflows, compliance checks, and operational tasks through scripting (Python, Ruby, Bash)
- Respond to and lead security incident triage, including on-call rotations, with a focus on reducing MTTD and MTTR
- Evaluate and implement new security tools, technologies, and processes
- Collaborate with engineering to integrate security requirements into application design and infrastructure changes
Your Experience Might Look Something Like This
- Cloud-native environments (AWS preferred)
- SIEM management, log analysis, alert tuning, and incident response
- Infrastructure as Code (Terraform, CloudFormation)
- Vulnerability management: scanning, triage, remediation tracking, and reporting
- Security scanning and assessment tools (Snyk, SonarQube, ZAP, Burp Suite, or similar)
- Networking fundamentals (VPC, VPN, DNS, TLS) and web security (WAF, CDN, OWASP Top 10)
- Monitoring and observability platforms (DataDog, Splunk, or similar) with security focus
- Container security: image scanning, runtime security, and orchestration platforms (Kubernetes, EKS, ECS)
- Proficient with scripting languages for security automation (Python, Ruby, Bash)
- On-call and incident response processes, including security-specific triage, containment, and post-mortems
Preferred Qualifications
- Strong Linux systems administration with security hardening experience (CIS)
- Deep experience with AWS security services: IAM, GuardDuty, Security Hub, CloudTrail, Config, KMS
- Expertise with IAM design principles: least-privilege, RBAC/ABAC, service control policies, and cross-account access patterns
- Experience with identity and access management: SSO, OAuth/OIDC, SAML, and directory services
- Familiarity with secrets management platforms (AWS Secrets Manager, HashiCorp Vault, or similar)
- Experience with compliance frameworks (SOC 2, GDPR, or similar) and translating requirements into enforceable technical controls
- Understanding of threat modeling methodologies (STRIDE, DREAD, attack trees) and vulnerability management lifecycle
- Git-based source control proficiency and familiarity with GitOps methodologies
- Experience with cloud infrastructure automation and configuration management
- Security certifications such as AWS Security Specialty, CompTIA Security+, OSCP, CEH, CISSP, or similar
- Familiarity with supply chain security practices (SBOM generation, dependency pinning, signed artifacts)
What We Offer
- Company Health Insurance Plan
- Health Savings Account
- Liberal Vacation Policy
- Opportunity to accelerate your career
Compensation
At Yardstik, we are committed to ensuring that each employee's compensation reflects their unique experiences, performance, and skills in their role. Yardstik provides the annualized compensation range of $120,000 - $165,000 for this role.
Equal Employment Opportunity
Yardstik is an Equal Opportunity Employer. We’re committed to building a team based on talent, qualifications, and merit, welcoming all applicants without discrimination.