UserGems
Technology
Senior Security Engineer
“Senior Security Engineer at UserGems. Skills: Security program operations, SOC 2, ISO 27001, ISO 42001, AWS remediation, AI Security. Operate security and compliance program. Own SOC 2”
What You'll Achieve.
Keep Drata green; Keep audits clean; Fast questionnaire turnaround; Unblock revenue; Hit SLAs; Mature the IRP; Achieve ISO 42001 readiness
Industry & Context.
Drata-driven remediation; Vulnerability management; Threat detection; Incident response; Pen testing; Root cause analysis
No on-call rotation; incident response is a whole-team effort
What They're Looking For.
Must Have
SOC 2 Type II in place, Drata monitoring centralized, CrowdStrike Complete managed MDR, Hands-on AWS comfort, Action Drata-flagged remediations independently, Own operations end-to-end, Influence direction, Excellent written English, Comfortable with async collaboration, Late-afternoon CET availability once a week
Nice to Have
Solid grasp of attacker techniques, Modern application security knowledge, Hands-on secure code review experience, AI/LLM systems security experience, Comfort tuning detection, Running incident response, ISO 27001 Lead Implementer experience, ISO 27001 Lead Auditor experience, ISO 42001 familiarity, AI governance familiarity, Hands-on Kubernetes security, Hands-on container security, Light coding ability, Java preferred, Auditing LLM security experience
What You'll Do.
Operate security and compliance program
Lead ISO 27001 implementation
Lead ISO 42001 implementation
Run customer security questionnaire process
Action Drata findings in AWS
Perform S3 settings adjustments
Perform secrets hygiene
Perform audit-trail follow-ups
Oversee scanner-findings automation
Extend scanner-findings automation
Perform light secure code review
Spot-check high-risk features
Spot-check new repositories
Escalate AppSec questions
Tune GuardDuty findings
Evaluate central logging options
Evaluate SIEM options
Run tabletop exercises
Run annual external pen test
Perform regular internal pen tests
Handle external researcher reports
Handle bug bounty payouts
Own access provisioning
Own access revocation
Shape AI product security
Shape internal AI usage security
Achieve ISO 42001 readiness
Manage model governance
Manage data governance
Perform prompt-injection threat modeling
Manage access controls
Shape scaling of internal AI tooling
Implement guardrails for AI tooling
Implement access boundaries for AI tooling
Implement monitoring for AI tooling
Implement review for AI tooling
Extend in-house automations
Use AI-assisted questionnaire workflows
Review AI-generated code
Shape customer-facing AI security narrative
How You'll Work.
Team & Collaboration
Async collaboration across Europe/US; Work with Sr. Director; Escalate to engineering; External pen testers collaboration
Communication Scope
Customer security reviews; Audit conversations; Customer-facing policies; Written English
Process & Methodology
Program ownership, Initiative execution
Full Job Description
UserGems is the AI command center for go-to-market teams (think of it as an AI brain for sales and marketing). Powered by best-in-class contact data, its AI agents (Gem-E) automatically surface high-intent buyers, prioritize them, deploy personalized outbound, create ad audiences and ABM to drive more pipeline. We’re backed by top Silicon Valley VCs (Craft Ventures, Uncork Capital, Battery Ventures, Tiger Global, and more) and have hundreds of happy customers from startups to public enterprises.

Operate UserGems' security and compliance program day-to-day, partnered with the Sr. Director on direction and strategy.

UserGems is an AI platform helping sales and marketing teams double pipeline impact. Our AI agent Gem-E turns signals from CRMs, buying intent, and public data into precise outreach - generating $4B in pipeline and $950M in revenue for customers like CrowdStrike, UserTesting, and SAP LeanIX (15X+ ROI). UserGems is a ~70-person company with around 25 engineers across Europe and 45 team members in sales and marketing based in the U.S. Several of our customers are top-tier security companies themselves (e.g. CrowdStrike), so our own security posture directly influences how fast revenue can move.

The Role

You will be UserGems' single dedicated security person, taking over the operational majority of the security work the Sr. Director currently owns. This is a compliance-led role with hands-on operational components - heavy on SOC 2 / ISO ownership, customer security reviews, day-to-day program operations, and Drata-driven remediation in AWS. Compliance is the primary focus, and over time you'll own the full technical scope described below as well. The Sr. Director approves direction; you propose, shape, and execute the program. Cadence is a bi-weekly 1:1 with the Sr. Director plus a weekly work discussion, same as every UserGems employee.

UserGems' security program is in great shape - no fires to put out. SOC 2 Type II is in place for years already, all compl