DescriptionWe are hiring our first Security Engineer to join our Engineering team!
As the founding Security Engineer at Spare, you will play a pivotal role in building a secure platform, actively fixing vulnerabilities, and leading key security initiatives. This role is for someone who thrives in a hands-on engineering environment, is passionate about coding and security, and can provide technical security leadership across the company. We are a sub-200-person company that values agility, collaboration, and multitasking in a high-growth environment.
Our Spare HQ is in Vancouver - BC, but this position is open to remote work options across Canada. If you like coming into an office, you can work from our HQ as desired, and we also provide a co-working stipend for those who wish to work in an office outside Vancouver.
About this role ✨In this role you will focus on:

• Platform & Application Defense: Actively code and collaborate with engineering teams to identify and fix vulnerabilities, enhancing the security and resilience of our cloud platform.
• Security Engineering Projects: Lead security initiatives, working cross-functionally to inject security practices into our SDLC and roadmap.
• Security Audits & Compliance: Oversee and support audit processes to meet SOC2, ISO, and other compliance standards. Keep compliance documentation up to date and distributed across teams.
• Detection & Incident Response: Monitor security events, handle incident responses, and work with relevant teams to mitigate threats.
• Corporate Security: Ensure the security of our corporate environment through continuous monitoring, phishing tests, and endpoint security practices. Outsource specific operational tasks as needed.
• Technical Security Leadership: Provide security guidance and technical leadership to engineering teams, helping to integrate security best practices into development processes.
• Operational Excellence: Manage the [email protected] inbox, evaluate external security assessments, and work with teams for prompt remediation. Manage employee access during onboarding and offboarding.
  

About you ✨You have...

• 5+ years of cybersecurity experience, particularly in start-up or scale-up environments.
• Proven experience with application security, network security, web application firewalls, and code security/analysis.
• Strong software engineering skills and a passion for coding—you actively take on coding projects to enhance platform security.
• Hands-on experience supporting audits and a solid understanding of audit processes.
• The ability to thrive in an agile environment, managing multiple security initiatives and compliance tasks simultaneously.
• Excellent communication skills for effective cross-department collaboration.

It will be considered a plus (nice-to-have):

• Security experience in Google Cloud Platform (GCP).
• Proficiency in TypeScript, Terraform, and Kubernetes.
• Experience with security compliance tools such as Vanta.
• Led efforts to achieve SOC2, ISO27001 certifications.
• Flexibility to handle a role that's 50% security engineering and 50% compliance and corporate security.
• Passion for transit and mobility.