Security Engineer

Careful Security
Los Angeles, CA

Company Description


Careful Security is a boutique cybersecurity and compliance implementation firm with a 100% first-attempt certification pass rate. We deliver hands-on compliance readiness (SOC 2, ISO 27001, ISO 42001, HIPAA, PCI-DSS), vCISO services, penetration testing, and our proprietary compliance monitoring platform, Dashr.ai. We're scaling from $500K to $5M ARR and looking for people who execute.


Role Description


The Security Engineer owns the day-to-day technical delivery across our active client portfolio. You'll run gap analyses, implement security controls, collect audit evidence, manage SIEM/SOC monitoring and alerting, and communicate findings directly to stakeholders — across 4+ client accounts simultaneously. This is hands-on compliance implementation and security operations work, not passive monitoring.

This is also a ground-floor opportunity to help build the security practice at a firm that's scaling fast. You'll work directly with the CEO, shape how we deliver across multiple compliance frameworks, contribute to our proprietary compliance platform (Dashr.ai), and have a clear path to Senior Engineer or Lead Consultant within 12-18 months based on performance.


What You'll Do


  • Conduct technical gap analyses against SOC 2, ISO 27001, ISO 42001 (AI Management Systems), HIPAA, and PCI-DSS frameworks
  • Configure and validate security controls (endpoint, identity, access, logging, encryption)
  • Manage SIEM platforms — build detections, tune alerting rules, triage and investigate security events
  • Perform SOC analyst functions including alert triage, incident investigation, and escalation
  • Prepare complete, audit-ready evidence packages for external audits
  • Run vulnerability scans, triage findings, and coordinate remediation
  • Draft and maintain client security policies and procedures
  • Communicate security findings to both technical and executive audiences
  • Work across client environments using tools like CrowdStrike, SentinelOne, Entra ID, Google Workspace, AWS, Azure, Cisco Meraki, and FortiGate


What We Need


  • 3-5 years hands-on in cybersecurity engineering, SIEM/SOC analysis, or compliance implementation
  • Direct experience with at least two of: SOC 2, ISO 27001, ISO 42001, HIPAA, PCI-DSS
  • SIEM experience (Splunk, Sentinel, Elastic, or equivalent) — building queries, tuning rules, investigating alerts
  • Consulting/multi-client experience (you can context-switch without dropping balls)
  • Self-directed — you identify work and claim it rather than waiting to be assigned
  • Clear communicator who can explain findings to a CISO and a CFO
  • CompTIA Security+ minimum; CISSP, CISA, or ISO 27001 Lead Implementer preferred
  • ISO 42001 experience or familiarity with AI governance frameworks is a strong plus


Why Careful Security


  • $110K-$130K compensation (contract-to-hire, details below)
  • Direct access to the CEO — no layers, no bureaucracy
  • Clear promotion path to Senior Engineer / Lead Consultant within 12-18 months
  • Help build and shape the compliance practice from the ground up
  • Contribute to Dashr.ai — you're not just consulting, you're building a product
  • Exposure across multiple compliance frameworks, industries, and client environments
  • Performance is recognized and rewarded, not buried in annual review cycles


Structure


30-day contract trial (1099, LLC required per CA AB5), converting to W-2 full-time upon successful completion. $110K-$130K range. Remote, U.S.-based. Reports directly to the CEO.
