As an Appcues Security Engineer, your work will ensure the trust of thousands of Appcues customers who depend on our services to deliver in-app experiences and protect the integrity of their data. Our customers, such as Amplitude, Lyft, and Segment, use Appcues to improve the user experience of their products and drive business growth.  This role is a unique opportunity to join a small, senior team designing, building, and operating secure, modern services at scale.  You will be responsible for security and compliance programs such as SOC-2, answering customer questions about our security posture and programs, and continually improving our security programs across engineering and the company.

About the role

    • You will work across the entire company to maintain compliance with our programs and conduct internal audits
    • You will manage our compliance calendar, including recurring events, such as our SOC-2 audit and penetration tests.
    • You will answer customer questionnaires about our security and compliance programs
    • You will collaborate with legal and engineering leadership to review and approve changes to customer contracts that may impact our security or engineering process and infrastructure.
    • You will collaborate across various company teams and departments to complete risk assessments and report the progress of risk management programs.
    • You will develop and deliver customized security training across the company.
    • You will coordinate the execution of our SOC-2 controls and gather evidence for audits.
    • You will continually improve our security posture and processes, including our velocity and consistency, by implementing automation and new tooling.
    • On a typical day, you may answer a customer’s security questions, submit evidence to our SOC-2 auditor, work with legal to review operational requirements and customer contracts, implement process automation and improvements, report on security metrics, or process customer data-deletion requests.

About you

    • You can comfortably work 9-5 Eastern Time.  While we are a 100% remote-1st company and you can connect from anywhere, we require 8 hours overlap to collaborate effectively with the rest of our team members who work these hours.
    • You have some previous experience working with compliance and certification standards (SOC, ISO, PCI, GDPR, HIPAA, etc.)
    • You have a basic working knowledge of web application security, such as OWASP.
    • You are diligent and persistent and not afraid to follow up with others to get the job done on time.
    • You are excited to join a company with a commitment to security, on a small team with lots of opportunities to implement your vision.
    • You have a growth mindset and are excited to learn and show how to improve team standards, practices, and tools.
    • You are energized by working in a highly collaborative environment at a customer-driven startup.
    • You possess excellent written communication skills and naturally lead with context, explaining the why of your initiatives and proposals.
    • Bonus if you are comfortable with Linux and basic scripting.  If not, we can teach you.
    • You believe remote teams are the future of work or are at least excited about the idea.
Our Benefits
100% remote – We don’t have an office which ensures all of our employees learn and collaborate in the same way using remote work practices. This won’t change post-COVID as we are committed to being 100% remote for the long-term. We work in Slack, Zoom, and a collection of modern collaboration tools. We have inclusive remote events and, after COVID times, will get together twice a year for a fun off-site retreat.
Well-being – You’ll have solid health, dental, and vision plans; access to 401k, and a generous maternity and paternity leave.
Home office and tech budget – We offer a $1000 home office stipend and an additional $500 annual budget for extra work-related technology.
Coworking space, on us – Home office not cutting it? We’ll reimburse your monthly coworking fees.
Equity – We want everyone invested in our success. We grant every employee equity in the company.
Transparency and collaboration – We foster team alignment with meetings of all shapes and sizes—a monthly all-hands meeting called FirstThurs, weekly team lunches, and Lunch & Learns.
Unlimited vacation – We believe time away to reflect and explore makes us all more productive, so we expect each employee to take a minimum of ten days of vacation per year.
About us
At Appcues, our mission is to help teams build products their users love. With Appcues, you can create in-product experiences (user onboarding, feature announcements, checklists, and more) without writing any code. We believe it’s the non-technical people who often have the best information about a user’s needs and desires, and we give them the tools to act.
We’re a dynamic group of talented teammates who challenge, trust, and care about each other, their work, and the success story we are writing. Our values are not just words. We live by them.
Appcues is an equal opportunity employer that commits to diversity and inclusion and also celebrates it. We do not discriminate based on race, color, national origin, religion, gender, gender expression, sexual orientation, age, veteran status, disability status, or marital status. We believe that diverse teams foster a more inclusive company culture, build better products, and are more human, humane, and fun.