Head of Security / Senior Security Engineer

About Inrupt

Sir Tim Berners-Lee created Solid to realize the web as he fully envisioned it. It's an Open Standard that connects people to their data.

Inrupt provides enterprise-grade Solid software and services. Our products are the expression of decades of experience in security, compliance, and operational excellence.

Inrupt powers innovation for the shared benefit of individuals, developers and organizations. We lead a worldwide movement of inventors, investors, technologists, business leaders and governments who are committed to a web that works for everyone.

Governments and corporations are in early stages of deployment, and the Company is very well funded and poised for significant scale.

Responsibilities
  • Own and optimize security tooling stack for SAST, DAST, SCA, container scanning, and IaC security (e.g., SonarQube, StackHawk, Aikido, Trivy)
  • Partner with engineering to create and refine threat models for all new product features and major architectural changes
  • Ensure cloud environments adhere to security best practices and evolving compliance requirements
  • Review and provide security feedback on technical requirements, design documents, and architecture decisions
  • Analyze and triage output from security scanning tools to identify, prioritize, and track vulnerabilities
  • Translate security findings into actionable recommendations for development teams with clear prioritization
  • Own the security incident response process for products and service incidents
  • Conduct post-incident reviews and drive continuous improvement in security practices
  • Own and evolve established security policies, standards, and procedures as the company grows
  • Manage the enterprise risk register for security risks escalated beyond individual departments
  • Lead cross-functional risk management meetings to assess, track, and mitigate security risks
  • Maintain ISO 27001 and SOC 2 Type I certifications and drive progression to SOC 2 Type II
  • Conduct periodic security audits, assessments, and gap analyses
  • Prepare for and lead security audits and customer security assessments
  • Develop and deliver security training and awareness programs across all teams
  • Partner with sales and customer success during security discussions with enterprise customers and prospects
  • Support RFP/RFI responses and customer security questionnaires
  • Build security champion programs to distribute security knowledge across teams
  • Foster a security-first culture that emphasizes shared responsibility and proactive security practices

About You
  • 5-8+ years in application security, security engineering, cloud security, or similar roles
  • Proven ability to work independently and wear multiple hats in a fast-paced, small company environment
  • Strong understanding of secure software development lifecycle (SSDLC) practices and DevSecOps principles
  • Hands-on experience implementing and managing security tooling, including SAST, DAST, SCA, and container scanning
  • Demonstrated experience with cloud security (AWS, Azure, or GCP) and infrastructure as code security
  • Working knowledge of threat modeling methodologies (STRIDE, PASTA, or similar)
  • Direct experience with ISO 27001 and/or SOC 2 compliance programs from implementation through audit
  • Strong understanding of OWASP Top 10, SANS Top 25, and common vulnerability types
  • Excellent communication and collaboration skills with the ability to influence across technical and non-technical audiences
  • Experience working with distributed/remote teams across multiple time zones
  • Comfortable taking ownership of existing systems and processes and making them better
  • Programming/scripting skills (Python, Bash, or similar) for automation and tool integration
  • Deep knowledge of cloud security controls, IAM, and network security (AWS, Azure, or GCP)
  • Experience with IaC security (Terraform, CloudFormation) and policy-as-code tools (Checkov, tfsec, OPA)
  • Experience securing CI/CD pipelines with GitHub Actions, Argo CD, Jenkins, or similar

Bonus
  • Experience in taking over and improving established security programs
  • Professional security certifications (CISSP, OSCP, CEH, GIAC, or similar)
  • Hands-on software development or DevOps background (Python, Java, JavaScript)
  • Prior experience managing security incident response and conducting security investigations
  • Background as a security champion or embedded security engineer within development teams
  • Familiarity with regulatory frameworks (GDPR, CCPA, SOX, HIPAA)
  • Experience with security orchestration, automation, and response (SOAR)
  • Experience in B2B SaaS or enterprise software companies
  • Experience with secrets management (HashiCorp Vault, AWS Secrets Manager)
  • Knowledge of identity and access management (SSO, SAML, OAuth, RBAC)
  • Experience with security monitoring and logging (SIEM, log aggregation)

How we will support you

We strive to empower our team members to be self-directed and self-motivated in their work.

  • Remote First: We've always been a fully distributed company with team members all over the world.
  • Commitment to Personal Growth: Every team member has an annual budget to invest in their professional development including an annual conference budget.
  • Work/Life Balance: Flexible working hours and unlimited paid time off. We want you to thrive both in and out of the office. We trust you to use good judgment and take the time off that you need to bring your best self to work.
  • Social Events: As a fully remote company, it’s important that we get some time together to socialize and get to know one another outside of the day-to-day projects and meetings we work on. Therefore, we organize quarterly online social events, e.g. remote cooking classes, quizzes, etc.
  • Work Anniversary Gifts
  • $800 Office Set-Up Allowance

If you think you might thrive in this environment, we would love to hear from you.

Diversity, Equity, and Inclusion

Inrupt provides equal work opportunities to all team members and applicants, and it prohibits discrimination and harassment of any type on the basis of race, color, ethnicity, caste, religion, age, sex (including pregnancy), national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by our policies or federal, state, or local laws.

We want to ensure that our hiring process is accessible. If you need reasonable accommodation for any part of the application process because of a medical condition or disability, please send an email to jobs@inrupt.com to let us know the nature of your request.

Additional Considerations
  • Sometimes we meet up! Expect some travel: once a year for our all-hands meetup and occasional team meetings throughout the year, usually in London.
  • A successful candidate will be subject to a background check and must receive satisfactory results of the same, as a condition of joining the team.
  • By applying for this role, you confirm that all information submitted is accurate and complete. You further acknowledge that providing false or fraudulent information during the application process is cause for denial of an offer, revocation of any existing offer, or other adverse action, up to and including termination after your commencement of work.