Engineering
Security Engineer - Cloud Security & Compliance
Pune, India
Job Description

About StackGen

StackGen is an autonomous operations platform that enables engineering organizations to run modern infrastructure and application delivery at scale—with less toil, fewer incidents, and greater speed. We bring together AI-driven automation across the full operational lifecycle, empowering Platform, Delivery, SRE, and Observability teams to move from reactive firefighting to proactive, self-healing operations.

Our platform meets engineering teams where they are—augmenting existing workflows and toolchains rather than replacing them—and scales with organizations as their operational complexity grows. If you're passionate about crafting narratives that connect deep technical reality to meaningful business outcomes, join us in defining what autonomous operations look like for the next generation of engineering teams.

The Role

We are hiring a Security Engineer who will own and run our security compliance program end-to-end, with primary responsibility for certification readiness (SOC 2, ISO 27001, etc.), audits, and continuous compliance. This person will drive the operational process, build and maintain technical controls, automate evidence collection, and partner with cross-functional teams to make security scalable and pragmatic.

This is a hands-on role. You will both design and implement controls across cloud infrastructure, CI/CD, identity, logging/monitoring, vulnerability management, and incident response.

What you will do

Security certification ownership

  • Own SOC 2 Type II and ISO 27001 end-to-end: readiness, gap assessments, remediation plans, audit execution, and continuous compliance.
  • Build and maintain the ISMS (risk register, Statement of Applicability, security policies/standards, control mapping, management reviews, internal audits, corrective actions).
  • Act as the day-to-day lead with auditors and any external consultants, ensuring the program stays on schedule and evidence is audit-ready.

Security control implementation (technical and operational)

  • Implement and operationalize technical controls across cloud infrastructure, endpoints, and SaaS tooling (identity, access reviews, logging, alerting, backups, encryption, key management, change management).
  • Build automated evidence collection and monitoring (compliance-as-code where possible), minimizing manual work for Engineering teams.
  • Define and run operational processes: access requests and approvals, periodic reviews, incident response exercises, vendor risk reviews, security training, and secure SDLC.

Cloud security and DevSecOps

  • Harden cloud environments (AWS/GCP/Azure as applicable): IAM design, network segmentation, secret management, secure configurations, and continuous posture management.
  • Improve CI/CD security: SAST/DAST, dependency scanning, container scanning, IaC scanning, SBOM generation, and policy enforcement in pipelines.
  • Own vulnerability management workflows: triage, remediation SLAs, and reporting.

Monitoring, incident response, and reliability

  • Ensure centralized logging, monitoring, and alerting support audit needs and security operations.
  • Maintain incident response runbooks, tabletop exercises, and post-incident reviews with measurable follow-ups.

Cross-functional leadership

  • Partner with Engineering, Product, and Operations to embed security into delivery practices without slowing teams down.
  • Provide clear guidance, documentation, and training for developers and stakeholders.

What we’re looking for

  • 4+ years in DevSecOps, cloud security, security engineering, or SRE with strong security ownership.
  • Direct, hands-on ownership of SOC 2 audits and/or ISO 27001 (not just participating; you drove the program).
  • Strong understanding of common control areas: access control, change management, logging/monitoring, incident response, vulnerability management, encryption, backups, vendor management, secure SDLC.
  • Practical experience securing cloud-native stacks (IAM, networking, KMS, secrets, logging, cloud posture hardening).
  • Ability to write clear policies/standards and also implement the underlying technical controls.
  • Comfort working in startup environments with ambiguity and high ownership.

Nice to have

  • Experience running ISO 27001 ISMS artifacts (SoA, internal audits, management reviews, corrective actions).
  • Experience with compliance automation platforms (Drata, Vanta, Secureframe, Tugboat Logic, etc.).
  • Experience with SOC 2 evidence automation and reducing audit toil.
  • Experience with Kubernetes security and container supply chain security.
  • Familiarity with tools like Terraform, GitHub Actions, Snyk, Wiz, Orca, Prisma Cloud, Trivy, Checkov, tfsec, Semgrep, SonarQube, Dependabot, OPA/Conftest, Falco (or similar).

Why StackGen

  • High ownership. You’ll set the standard for how security and compliance operate at StackGen.
  • Build security into an AI-driven DevOps product from the ground up.
  • Work directly with engineering leadership and influence architecture and processes.

Location

  • Pune, India. Hybrid with 2 days in the office.
  • Will require overlap with US time zones.