Whistic combines industry-leading AI agents for vendor assessments with a questionnaire-killing Trust Center Exchange, making every step of your TPRM workflow smarter, faster, and more connected.

About the Role

We are looking for a hands-on Security Engineer to join the team at Whistic. This contract role will own technical security across our product, infrastructure, and internal technology stack, sitting at the intersection of Engineering, Cloud, Security, and Compliance to translate risk into smart, automated, real-world solutions. Please note: This is a contract position and not eligible for benefits. Candidates from all locations in the United States are welcome to apply.

What You’ll Do

• Own and strengthen security across product, infrastructure, and internal technology stack
• Harden cloud environments, IAM architecture, network access, and encryption design
• Design and operate scalable monitoring, detection, and telemetry systems
• Lead vulnerability management strategy, including scanning, CVE triage, remediation SLAs, and attack surface reduction
• Embed application security into engineering workflows (code review, CI/CD integration, threat modeling)
• Investigate and respond to security incidents, driving containment and root cause resolution
• Build and automate security controls using Infrastructure-as-Code and modern tooling
• Support compliance audit preparation and evidence gathering for SOC 2, ISO 27001, and other frameworks
• Assist with IT operations including IAM, user provisioning, onboarding/offboarding, and asset management
• Own control inventory, policies, and compliance tracking systems
• Reduce manual processes through automation, retooling, and AI-driven improvements

What You'll Need

• 2–5 years of experience in Security, IT Operations, Security Operations, or a related technical role
• Working knowledge of cloud environments (AWS preferred) and foundational cloud security concepts
• Experience with vulnerability scanning tools, CVE triage, and patching workflows
• Familiarity with SIEM, IDS/IPS, EDR, or other monitoring platforms
• Exposure to SAST, SCA, container scanning, and CI/CD secure development practices
• Working knowledge of SOC 2 and/or ISO 27001 frameworks with experience supporting audits and control documentation
• Foundational understanding of networking, OS, identity, access management, and encryption (KMS, secrets handling)
• Experience with Jira or similar project management/ticketing tools
• Strong curiosity, bias toward automation, and comfort operating in a fast-paced startup environment
• Bachelor’s degree in Cybersecurity, Computer Science, IT, or related field preferred; equivalent hands-on experience considered
• Foundational certifications (CompTIA Security+, AWS Cloud Practitioner, or similar) are a plus