Information Security Engineer
About Bitwerx Bitwerx, Inc. is a team of industry experts focused on designing, building, and supporting innovative software solutions that leverage data to improve the customer journey. Our experience spans many industries with a focus on veterinary, and our partners range from startups trying to bring a new idea to market to Fortune 500 companies looking to become more agile.
About the role We are seeking an Information Security Engineer to serve as the primary owner of Bitwerx's Information Security governance, policies, and compliance framework, leading the design, implementation, and ongoing maturation of the security program with a core focus on SOC 2 Type 2 and broader U.S. and international compliance requirements. This is a hands-on individual contributor role. You will be responsible for building practical, scalable security controls; refining policies and standards; operationalizing compliance requirements; and partnering closely with our Platform Delivery and Software Engineering teams to embed security into day-to-day operations.
This role may be based in Lexington, KY (hybrid) or performed remotely from select U.S. locations.
What You'll Do Security & Compliance Program Ownership
Own end-to-end SOC 2 Type 2 execution
Design, refine, and validate security controls
Prepare audit evidence and remediation plans
Policy, Risk and Governance
Author and maintain security policies and standards
Maintain the risk register and treatment plans
Manage vendor risk workflows
Cloud and Platform Security
Implement Azure security guardrails
Enforce IAM, RBAC, MFA and conditional access
Maintain the risk register and treatment plans
Secure CI/CD pipelines and secrets
Monitoring and Incident Response
Implement centralized logging and alerting
Maintain Incident Response playbooks and lead response efforts
Perform root cause analysis
Manage tabletop exercises using real-world examples for team training
Audit and Automation
Automate compliance evidence collection
Ensure controls are sustainable year over year
What You'll Bring
3+ years in security and/or compliance engineering
SOC 2 Type 2 hands-on experience
Experience implementing international security and privacy compliance controls (e.g., GDPR, OSFI, and similar regulatory frameworks)
Strong understanding of security architecture and risk management for data-centric organizations, including large-scale data storage, processing, access controls, and data lifecycle governance
Azure cloud security experience
Strong written and technical communication skills
Proactive, collaborative team player who thrives in a fast paced, small company environment
Experience with Drata is preferred
What Success Looks Like
Predictable, low-stress audits
Embedded security controls
Automated evidence collection
Why This Role Matters Security and compliance are foundational to Bitwerx's growth, reputation and customer trust.
What We Offer
100% company-paid health, vision, and dental insurance
401(k) with company match
Robust PTO policy
A collaborative and inclusive work culture
Opportunities for professional growth and development
The chance to make a significant impact on a growing company
Bitwerx, Inc. is an Equal Opportunity Employer. Your application will be considered regardless of race, color, national origin, age, disability, gender, sexual orientation, gender identity or expression, marital status, or veteran status. You must be legally authorized to work in the U.S.