Staff Security Engineer, Compliance and Governance



Remote · United States
Posted on Friday, May 26, 2023

At StarTree we're a group of passionate individuals that desire to improve the lives of many by developing tools and technologies that support availability and speed in the world of real-time analytics.

Our aim is to make it simple for every company to delight their users - external and internal - and create new revenue streams from their data, by building the world’s most comprehensive and accessible cloud analytics system.

About the Role:

StarTree is seeking a Staff Security Engineer to strengthen our security posture, ensure regulatory compliance, and establish common security controls and practices across the engineering and product organization. As a Staff Security Engineer, you will be responsible for developing and executing a comprehensive security strategy, conducting assessments and testing, managing security content, collaborating with cross-functional teams, and staying updated on emerging threats and technologies.


  • Develop and execute a comprehensive security strategy to protect data assets, systems, and networks.
  • Conduct security assessments, vulnerability scans, and penetration testing to identify weaknesses and recommend remediation measures.
  • Manage a repository of security content to support client inquiries and ensure successful business operations.
  • Evaluate vendor and security provider compliance against standards such as SOC2 and lead preparation for ISO certification.
  • Collaborate with engineering and DevOps teams to design and implement secure architectures.
  • Monitor and respond to security events and incidents, mitigating potential threats or breaches.
  • Conduct security awareness training and promote a culture of security awareness.
  • Propose security controls to address identified gaps and facilitate smooth operations.
  • Maintain effective relationships with internal stakeholders and senior management.
  • Stay updated on emerging security threats, trends, and technologies, making recommendations for continuous improvement.

What we’re looking for:

  • Bachelor's degree in Computer Science, Information Security, or related field. Relevant professional certifications (e.g., CISSP, CISM) are a plus.
  • 7+ years of experience as a Security Engineer, focusing on securing data and systems in a cloud-based environment.
  • Strong knowledge of network protocols, operating systems, and cloud platforms (e.g., AWS, Azure, GCP).
  • Experience with security tools and technologies (e.g., SIEM, IDS/IPS, DLP, WAF, vulnerability scanning).
  • Familiarity with security standards and government regulations (ISO, SOC2, NIST, GDPR, HIPAA, etc.).
  • Proficiency in scripting and automation languages (e.g., Python, Bash) for security solution development.
  • Experience with REST API attack detection and prevention, static code analysis, application security testing, and vulnerability scanning.
  • Knowledge of cryptography principles and practical application for data and communication protection.
  • Excellent problem-solving and analytical skills with the ability to provide practical recommendations.
  • Strong communication and interpersonal skills for effective collaboration and stakeholder engagement.

If you are passionate about addressing the security and compliance challenges of a fast growing multi-cloud infrastructure startup and possess the technical expertise and leadership skills to succeed, we encourage you to apply for this exciting opportunity.

The base salary range for this US full-time position is $150,000 - $220,000, subject to standard withholding and applicable taxes. Additionally, new hires receive competitive and compelling equity grants, and access to a comprehensive benefits offering. The base salary range reflects the minimum and maximum target for candidates. The Salary and Equity compensation offered may vary depending on factors including: location, skills, experience, and the assessment process.

About StarTree:

StarTree is a cloud-based software company that enables business customers to derive advanced insights from real-time and historical data. StarTree was founded by the core software engineering team and inventors of Apache Pinot, which currently powers hundreds of user-facing applications at companies across industries, including LinkedIn, Uber, Target, 7Eleven, Etsy, Walmart, WePay, Factual, Weibo, and more. StarTree Cloud has enabled even more companies to deploy and operate real-time analytics at scale, including Stripe, Sovrn, Roadie, Just Eat, Dialpad, Guitar Center, Blinkit, and more.

StarTree recently announced our Series B Funding with investment from GGV Capital, Sapphire Ventures, Bain Capital Ventures, and CRV. We have been named one of The Information's 50 Most Promising Startups and one of CRN's 10 Coolest Cloud Computing Startup Companies of 2022!