Senior Security Operations Engineer (Remote)

Plotly is a leading innovator in data visualization and analytics, specializing in empowering organizations to make data-driven decisions. Our flagship product, Dash Enterprise, powers hundreds of businesses’ data applications.

As an established enterprise software company we are embarking on an exciting journey to expand into the SaaS market. Our mission is to deliver innovative, reliable, and secure solutions to our customers while maintaining the highest standards of security and compliance.

We’re looking for a passionate Senior Security Operations Engineer to join our team and play a critical role in establishing and scaling our security operations.

The Senior Security Operations Engineer will be responsible for designing, implementing, and managing security operations to protect our enterprise software and SaaS offerings. This role will ensure compliance with industry standards, drive security certifications, and establish robust security programs, disaster recovery (DR) plans, and business continuity plans (BCP). The ideal candidate will have deep expertise in enterprise and SaaS security, coupled with a proven track record of building scalable and compliant security practices.

Core job responsibilities:

• Lead all information security efforts at Plotly, across production SaaS operations, enterprise IT, and Plotly’s digital presence on the web and social media
• Author, improve, and enforce information security policies; ensure risk assessments, compliance evidence collection, and access reviews are complete and consistent
• Collaborate with DevOps and software development teams to integrate security tooling (such as vulnerability scanning, bounty programs, SIEMs, SAST, and DAST) and secure development processes into their workflow
• Ensure Plotly’s continued compliance with SOC2 Type II, and lead additional compliance framework efforts such as ISO 27001 as our needs grow
• Develop, implement, and maintain business continuity plans (BCP) and disaster recovery plans (DR) to ensure system resiliency and minimal downtime during incidents.
• Oversee the security and integrity of the organization’s digital presence, including websites, social media accounts, domains and DNS entries, chat, conferencing, and email systems.
• Exemplify the role of the information security officer, through mentoring, cross-training, advocacy, and influencing the organization toward secure practices

Job requirements:

• 5+ years of experience in security operations, with a focus on both enterprise and public-cloud SaaS environments.
• Hands-on experience with achieving and maintaining security certifications (e.g., SOC 2, ISO 27001).
• Strong understanding of security frameworks (e.g., NIST, CIS) and regulatory requirements (e.g., GDPR, CCPA).
• Proven experience in disaster recovery and business continuity planning, testing, and implementation.
• Proficiency in managing security tools, including compliance management platforms (e.g. Vanta), SIEM, endpoint security, and vulnerability management systems.
• Demonstrated ability to lead incident response efforts and perform forensic analysis.
• Robust knowledge of security principles across all major cloud vendors
• Deep knowledge of Public Key Infrastructure (PKI) including internal certificate authorities and mutual TLS client authentication

Bonus Points:

• Relevant certifications such as CISSP, CISM, CISA, or GIAC.
• Experience as a product owner for security tooling developed by internal teams
• Experience with DevOps automation tools (e.g., Kubernetes, Ansible, Terraform, or Python scripting).
• Familiarity with security scanning tools (e.g. Trivy, Snyk, Sonarqube) and SaaS-specific security solutions (e.g. AWS WAF)

Don’t meet all the requirements, but you feel you would be a great fit to our plot-legion? Don’t hesitate to apply!

What you can expect from us: