We’re an EdTech company on a mission to help students succeed by giving institutions the tools to better support and retain them. Our platform uses AI and conversational technology to identify at-risk students early, surface real-time insights, and drive meaningful engagement at scale.

We’re a small but growing team where everyone has a big impact. Security and trust are at the heart of what we do, which makes this role a critical hire as we scale. If you’re excited by ownership in a high trust environment, solving complex challenges, and building systems that matter, you’ll feel right at home here.

Responsibilities

• Partner with engineering leadership to develop and maintain the security roadmap, aligning with business priorities and compliance needs.
• Implement and manage security solutions directly within Google Cloud Platform (GCP), including Cloud Armor, Security Command Center, IAM policies, and audit logging.
• Automate vendor security reviews using tools like Whistic.
• Support and enhance secure file transfer mechanisms (e.g., SFTP) for partner integrations.
• Embed security into the software development lifecycle in collaboration with engineering teams.
• Engage directly with prospective clients’ security personnel to provide assurance, answer questionnaires, and represent our security posture.
• Lead our SOC 2 compliance efforts, including driving the initial audit process and partnering with third-party auditors to achieve certification.
• Drive incident response readiness and coordinate response activities as needed.

What We’re Looking For

• 4+ years of hands-on DevOps, Cloud Security, or DevSecOps experience.
• Strong expertise in GCP with the ability to implement security controls and monitoring directly.
• Proficiency in identity and access management, networking, and infrastructure-as-code (e.g., Terraform).
• Experience integrating security tools into CI/CD pipelines.
• Excellent communication skills and confidence engaging with external security stakeholders.
• Proven track record as a senior individual contributor, owning initiatives end-to-end.

Nice-to-Haves

• Experience with AWS security services in addition to GCP.
• Direct experience with Key Management Service (KMS) for encryption key and sensitive data management.
• Familiarity with higher-education security and compliance standards such as HECVAT.
• Background in IT compliance and security checklists (SOC 2, ISO 27001, etc.).
• Experience with third-party security assessments.
• Knowledge of data privacy regulations (FERPA, GDPR, HIPAA) relevant to higher education.