Senior Compliance Engineer

QuickNode is a cloud-based infrastructure company that powers the blockchain ecosystem.   Our mission is to be the indispensable utility that empowers companies and innovators globally to build next-generation, Web3 enabled businesses & applications using blockchain technology. QuickNode is backed by some of the world's best investors including Tiger Global, Y Combinator, SoftBank, and the Seven Seven Six Fund. The QuickNode team has over 120 people maintaining high performance global data infrastructure for amazing customers serving billions of requests daily.   We are a global remote first company HQ'd in Miami, Florida.

The Role

As a Compliance Engineer, you will be responsible for developing processes and procedures to improve and maintain security compliance of Quicknode. We are looking for our first compliance expert that can help us achieve SOC2 Type 2 compliance. We need strong assistance with auditing while also being thoughtful in brainstorming new ways to improve our compliance standards. You will work cross functionally with all teams to ensure everyone is following proper compliance guidelines adhered to. 

What you’ll be doing 

• Help QuickNode achieve SOC2 Type 2 compliance from one of the Big Four auditing companies by Q4 2023
• Assist with audit and compliance-related matters for SOC2 Type II and other applicable audits and certifications, such as collecting and reviewing audit evidence, evaluating the effectiveness of controls, providing guidance to security control owners, and making control improvement recommendations
• Assist in developing and updating security-related policies, procedures, standards, and documentation to align with SOC2 compliance requirements
• Following structured processes to evaluate risks while guiding Quicknode teams to minimize risk and maintain compliance
• Perform security assessments as well as maintain and follow supporting processes to effectively record, track and manage all IT and security threats
• Work cross-functionally across all disciplines, including DevOps, Legal, Leadership, and various development teams, to report security compliance requirements and statuses
• Interface with prospective customers to complete security questionnaires and provide details on the Quicknode security policies
• Perform periodic internal audits and maintain the necessary documentation and reports to comply with SOC2 requirements
• Create, assign and track the timely completion of security related task tickets
• Automate the centralization of security-relevant events and metrics to ELK stack. Develop SIEM dashboards and onboard required security tooling to enhance QuickNode Security Operations Center (SOC)
• Audit and manage QuickNode Infrastructure Vulnerability reports from vulnerability assessment tools such as Tenable.io, Nessus, and GitHub Advanced Security
• Configure and perform Access Management and Assessments using identity governance tools such as Okta or Sailpoint.
• Report and Maintain compliance with security controls on Vanta

 

What you’ll bring 

• 5+ years of experience in Security Compliance Management and Information Security.
• SOC2 Type 2 audit experience is required, preferably with one of the Big Four, as well as knowledge of security frameworks such as NIST, ISO, GDPR
• Excellent communication skills (written, verbal and listening); ability to communicate complex security requirements to development teams and leadership
• Certifications such as CISSP, CISM, and CISA are preferred
• Strong knowledge of Security Compliance risk management methodologies
• Ability to operate within an agile, fast working environment independently and as part of a team.
• Experience with identity governance tools such as Okta or Sailpoint
• Experience managing compliance status on Vanta or other compliance scanners
• Experience developing and configuring log collection and Dashboards using ELK Stack
• Experience with Vulnerability management tools such as Tenable.io, Nessus, and GitHub Advanced Security