Back to ⤴︎

Now Hiring: InfoSec & Compliance Lead For, a Security-Obsessed Cloud Storage Service

Location: Work From Your Home for our All-Remote Company (USA only)

Have you implemented ISO 27001 and SOC2 compliance programs from scratch at a startup? Do you have a passion for guaranteeing that we will not have a breach?

If so, we’d like you to learn about!

Our CEO and founder has always been obsessive about security, but our customers can’t just take us at our word that we take security seriously. That’s why is setting the ambitious goal of completing audits of its security and controls under all of the major recognized frameworks such as ISO 27001 and SOC2.

We want to demonstrate that we’ve secured our systems and business processes to a standard that far exceeds what customers would expect given the size of our business.

We’re looking for someone who can help us document and audit our controls and lead us through the audit process, using internal resources as much as possible.

About is the new name for BrickFTP, a cloud storage service that has existed since 2009 and has over 1,700 paying business customers.

Our company consists of 16 (and growing to by the end of 2019) full time USA-based remote employees who work from home.

Our products and services are used by over 2,000 enterprises and SMBs, including Target, Canonical, UPS, Leica, DirecTV, GoPro, Marriott, and more.

We’re Bootstrapped, Profitable, and Growing

Our success comes from building a great service that solves problems for our customers, and our growth comes from expanding and improving our products as quickly as we can.

We believe that great products can only be built by great people. So we’re on a quest to find the smartest, most creative, and most motivated people, and create an environment in which they thrive.

We Are A Remote Company

You will work from home and have some flexibility to choose your working hours, allowing you to make time for family, recreation, vacations, or anything that is important to you.

You’ll take off 11 company-wide holidays per year as well as 20 days of PTO for vacations. You’ll have the time to take longer vacations and have fun.

Every quarter, you’ll travel to an in-person meeting with the entire team to meet and work together face to face. These meetings are in cities that are fun to visit. In the last few years, we’ve been to Austin, Orlando, New Orleans, San Diego, Las Vegas, and New York City.

We think that these in-person meetings are vital to the success of a remote team.

About the Role

You will create an implement a complete Information Security Management System for our growing SaaS company from scratch, including the following:

  • Implement new security processes and evaluating existing processes.

  • Determining which external standards to certify against and in what order.

  • Selecting auditors, and leading the audit process.

  • Monitor compliance with company policies and procedures.

  • Write policies and implement procedures for relevant security controls.

  • Coordinate penetration testing and code reviews.

  • Work with our infrastucture team to ensure that all relevant monitoring and logging is in place.

This position reports directly to our CEO.

Minimum Qualifications:

  • Bachelor’s degree or relevant experience

  • Direct experience conducting gap analyses and implementation of missing controls to allow a SaaS company to gain ISO 27001 certification, either in-house or with a Security & Risk practice.

  • Familiarity with ISMS family of standards such as ISO 27001, PCI, SOC2, and HIPAA.

Preferred Qualifications:

  • Relevant professional certification(s) such as CISSP, CISA, CISM, CIPP, GIAC, PMP.

  • Experience with application and operating system security in a Linux environment.

  • Experience with network and cloud security on Amazon Web Services.

  • Experience working on a remote team.

Our Core Beliefs

Here are just some of our Core Beliefs:

We believe that the best Engineers tend to be polyglots with a wide variety of programming language experience. We don’t hire for specific programming language skills, but rather look for engineers who are fluent in several programming languages. We want our staff to be adaptable and ready to evolve to what’s next.

We believe in using the right tool for the job. Our core applications are built in Ruby, JavaScript, Java, C++, and PHP. We use Rails, React, Chef, Qt, Jenkins, Github, Honeybadger, CircleCI, Maven, AWS, MySQL, Redis, Memcached, Haml, Sass, and many other exciting open source systems. We don’t want to get stuck in the trap of using a language or a tool just because “that’s how it’s done around here.”

We believe that open-source only works if companies give back. If you work on any open-source projects during the course of your work at, you are encouraged to submit your improvements as a pull request back to the upstream project. And if you build something from scratch while working here that’s generic and not related to our core products, we want you to release that on GitHub too. We’ll also pay your travel costs to any conference where you can get a speaking gig.

We believe in building products that we actually use ourselves. We are our own toughest critics and we put all of our products through their paces every day.

Salary, Pay, and Benefits offers industry-leading salaries based on experience combined with unparalleled flexibility and other benefits to secure top talent.

You’ll take off 11 company-wide holidays per year as well as 20 days of PTO for vacations. Go have fun. Don’t work all the time.

We will provide you a $2,500 signing bonus to purchase a new computer, desk, or anything else that would help build or refresh your home office.

We’ll update your salary annually based on your performance, as reviewed by your peers.

We fully pay base plan health insurance premiums (exact plan details depend on your state of residence), and we’ll pick up the tab for 75% of your spouse or dependents if they wish to join your chosen plan. We want your family to be healthy.

Ready To Apply?

Working here isn’t for everyone, but if you think it might be for you and you have the required experience, please apply right here on this page.

We’d like you to write a cover letter specific to this position at Action Verb. Please make sure that it contains all of the following:

  • To what extent have you facilitated audits and information gathering for certifiers and regulators?

  • How do you ensure that you’re aware of the latest security best practices and regulations?

  • How should a startup company budget for security and compliance and what is the appropriate balance between spending on security and compliance vs on product development?

You may also want to write about why this opportunity calls to you personally and why you see yourself as a good fit for

Please upload your resume in PDF format.

Optional additional sections (click to open)

Equal Employment Opportunity / Affirmative Action - Opportunity To Submit Gender/Race Information →

Invitation for Job Applicants to Self-Identify as a U.S. Veteran →

Voluntary Self-Identification of Disability →