Campminder is a company dedicated to enhancing the summer camp experience through innovative software solutions. They are seeking a Senior Cybersecurity Engineer to oversee the protection of sensitive data, manage security infrastructure, and ensure compliance with PCI and SOC2 standards.
Responsibilities:
- Manage identity and access infrastructure, including Azure conditional access, Okta SSO, and Auth0, keeping MFA and zero-trust enforced across production and internal apps
- Integrate security scanning (SAST, DAST, SCA) into CI/CD pipelines and drive remediation before code reaches production
- Configure, tune, and harden WAF rules across our web applications
- Own vulnerability scanning and remediation using tools like Mondoo and SecurityMetrics, and administer EDR, DLP, and SIEM/XDR tooling across servers and endpoints
- Manage secrets and credentials in build pipelines, including vault-based storage, rotation, and least-privilege service accounts
- Execute PCI technical controls: SAQ completion, quarterly ASV scans, and disaster recovery implementation
- Harden containerized and cloud-native environments, including image scanning and Kubernetes configuration
- Coordinate pen testing engagements and drive remediation against SLA timelines
- Run security awareness training programs (KnowBe4, Security Journey) and maintain AI usage oversight, including approved tooling, code-gen governance, and supply-chain monitoring
Requirements:
- 5+ years in security engineering or DevSecOps, with hands-on ownership of both pipeline-level and infrastructure-level security
- Experience configuring IAM and SSO platforms (Okta, Auth0) alongside cloud-native identity controls like Azure conditional access
- Comfort embedding security directly into CI/CD workflows: SAST/DAST/SCA tooling, secrets management, and policy-as-code
- A track record hardening containerized and cloud-native environments, including Kubernetes and image scanning
- Experience executing PCI or similar compliance technical controls (scans, SAQs, evidence prep); program ownership isn't required, but you know how to translate auditor requirements into engineering work
- Familiarity administering SIEM/XDR and EDR/DLP tooling
- The judgment to triage real vulnerabilities over theoretical ones, and to know when to escalate versus fix directly
- Experience running or supporting security awareness and training programs
- Exposure to AI tooling governance, such as MCP inventories, code-gen release gating, or supply-chain monitoring for AI-assisted development