Enterprise Security Manager

Accretive Technology Group — Enterprise Security Manager Work Remotely From: Arizona, California, Colorado, Florida, Michigan, Missouri, Nevada, South Carolina, Texas, or Washington. Onsite/Hybrid Option: Seattle, WA About Accretive Technology Group: We are a Seattle-based tech company with more than 25 years of proven success. Privately owned, stable, and profitable, we’ve built our reputation on open-source values, a strong DIY spirit, and a deep respect for craftsmanship. Our teams are customer-obsessed and built around empowered engineers who love what they do. Role Overview: Our engineering team is FOSS-first, deeply collaborative, and committed to building secure, scalable systems that serve a wide range of customers and partners worldwide. We’re looking for a seasoned and hands-on Enterprise Security Manager to lead the development and execution of our security initiatives across enterprise, development, and production environments. This is a unique opportunity to take ownership of a growing practice and build a high-impact security team from the ground up. As our Enterprise Security Manager, you’ll be responsible for establishing and maturing a comprehensive security strategy that spans multiple environments and aligns with compliance standards such as PCI-DSS. You'll partner closely with leadership and stakeholders across the business to design a long-term roadmap, shape internal security culture, and ultimately protect the integrity of our systems and services. This role is a hybrid of strategic planning and technical execution — ideal for someone who has a broad understanding of modern security challenges and thrives in a fast-moving, distributed environment. Key Responsibilities: • Build and lead a small, high-performing security team — hiring, mentoring, and developing engineers and analysts. • Define and drive the vision, roadmap, and execution of our security program across enterprise, development, and production environments. • Lead vulnerability management efforts, including internal/external scans, real-time monitoring, bug bounty programs, and vulnerability disclosure (VDP). • Design and implement tooling — including SIEM, SOAR, EDR, IDS, and logging platforms — to ensure visibility, threat detection, and automated response. • Monitor evolving threat landscapes, lead incident response protocols, and develop systems for proactive risk management. • Guide secure development efforts and partner with engineering teams on remediation strategies. • Serve as the primary point of contact for PCI-DSS compliance, including oversight of scanning, remediation, and certification. Ensure the team maintains active PCI-ISA credentials. • Lead audit readiness and evidence preparation for SOC 2, GAAP, and other regulatory IT audits, including control design and remediation efforts. • Partner cross-functionally with infrastructure, development, IT, and compliance to embed security throughout the organization. • Represent the company in the broader security community — contributing to research, attending or speaking at conferences, and helping elevate the team’s visibility. • Foster continuous learning by supporting training, certifications, and conference attendance for security team members. • Develop and communicate clear risk metrics, KPIs, and reports to leadership and stakeholders. Qualifications: • Proven experience in information security, including leadership or management of technical teams. • Proven success building or scaling security programs in distributed, high-growth environments. • Deep understanding of secure systems and network architecture in production and enterprise environments. • Experience with both cloud and on-prem infrastructure security, endpoint protection, and secure SDLC. • Proficiency with scripting or development languages (Python, Go, Bash, etc.) and a strong belief in automation wherever possible. • Familiarity with compliance frameworks like PCI-DSS, SOC 2, and GAAP-aligned IT controls. • Strong communicator — clear, confident, and effective across technical and non-technical audiences. • Hands-on familiarity with security tools such as CrowdStrike, Wiz, ELK, Wazuh, Falco, Prometheus, Grafana, or similar platforms. Who You Are: • Humble and collaborative — you work well across teams and mentor with patience and clarity. • Driven by craftsmanship — always looking to improve, automate, and harden systems. • Comfortable with complexity — you thrive in environments with nuance, ambiguity, and scale. • Security-minded but pragmatic — you understand that security needs to enable velocity, not block it. • Curious and engaged — you stay active in the security community, whether through talks, tools, or research. Bonus Points If You… • Have given talks or published research at security conferences like DEFCON, Black Hat, ToorCon, etc. • Have experience with large-scale networking (BGP), DDoS mitigation, and globally distributed systems. • Enjoy analyzing high-volume log data and surfacing actionable insights. • Have participated in CTFs, red team exercises, or collegiate cyber competitions. • Are active in bug bounty programs — send us your profile! • Have deep knowledge of Linux internals, eBPF, WAF evasion, packet analysis, and related domains. • Have familiarity with Microsoft enterprise environments (Windows, Azure, and compliance considerations). • Hold certifications such as OSCP, OSCE, or similar (a plus, not required). • Earned a degree in a STEM or engineering discipline (also not required — skill matters most). Perks & Benefits: • Employer-paid Medical, Dental, and Vision benefits • Life & Disability Insurance Coverage • Health Care FSA • Daycare FSA • 401(k) with a 50% contribution match (no limit) • Generous Vacation and PTO plan • Paid Holidays • Semi-Annual Profit Sharing • Gym/Equivalent Exercise Program Reimbursement • $175 transportation Reimbursement ($100 of this may be used for home internet for remote and hybrid employees) • Dedicated annual budget for training, certifications, and conference attendance • Flexible remote work (with the option to work from our Seattle HQ) • High ownership and impact — help build a world-class security program from the ground up A reasonable, good-faith estimate of the minimum and maximum base salary for this position is $150K - $250K. This position will also include a profit sharing that is dependent on a variety of factors. Accretive Technology Group is an Equal Employment Opportunity employer. All qualified candidates will receive consideration for employment without regard to race, color, religion, sex, or national origin. • Unfortunately, we do not provide visa sponsorship, visa transfer, or corp-corp arrangements. • Agencies - NO unsolicited submissions will be accepted and if any Agency does submit an unsolicited candidate that Agency shall have no recourse from Accretive Technology Group. 4V1j7u0TrI Apply tot his job