Remote Cybersecurity Engineer – Senior Full‑Time Remote – Pen‑Testing, Threat‑Hunting & Cloud Security – Findlay, Ohio – $120k‑$150k
Who we are

When we launched our SaaS platform five years ago, we imagined a product that would let small‑business owners focus on their customers instead of worrying about data breaches. Fast‑forward to today, we serve over 3,200 paying customers, process more than 12 billion transactions per year, and have a $75 million ARR. Our engineering headquarters sit in Findlay, Ohio, but the security mindset lives everywhere our people work.

Why this role exists now

In the last 12 months we’ve seen a 42 % increase in credential‑stuffing attacks targeting our customers, and three high‑severity incidents that forced us to temporarily suspend API access. Those events taught us two things: (1) we need a deeper, hands‑on threat‑hunting capability, and (2) the next generation of our platform will be built on a multi‑cloud architecture that demands a more sophisticated security posture. We’re expanding the security team from eight to fifteen full‑time members, and we need a senior engineer who can own the end‑to‑end lifecycle of risk detection, response, and remediation—all while working remotely.

What you’ll do day‑to‑day

- Run the detection engine – Tune and maintain our Splunk Enterprise SIEM, write 30–40 new correlation rules per quarter, and keep false‑positive rates below 5 %.
- Lead threat‑hunting cycles – Conduct weekly “hunt‑buckets” using CrowdStrike Falcon and open‑source YARA signatures, surface at least two novel attack patterns each month, and document findings in Confluence.
- Own the vulnerability program – Manage Qualys scans for on‑prem and cloud assets, triage findings to meet a 72‑hour remediation SLA, and drive a 20 % reduction in critical CVEs YoY.
- Secure our CI/CD pipeline – Integrate Checkmarx SAST, SonarQube, and Trivy container scans into GitHub Actions, enforce “no high‑severity findings before merge,” and keep the average time‑to‑fix under 24 hours.
- Automate policy enforcement – Write Terraform modules that provision AWS GuardDuty, Azure Sentinel, and GCP Security Command Center, and use Sentinel policies to block mis‑configurations automatically.
- Mentor junior staff – Pair with the three junior analysts on‑call rotation, run monthly brown‑bag sessions on topics like “OSINT for Red‑Team Collaboration,” and help them earn their first CISSP.
- Report to leadership – Produce a quarterly security posture dashboard for the executive team that shows a 40 % drop in breach attempts, $1.2 million saved in avoided incident costs, and a 95 % SLA compliance rate.

What you’ll own

- The full life‑cycle of a security incident: detection, containment, eradication, and post‑mortem. Over the past year we averaged 2.8 incidents per quarter; we expect you to keep that number flat while improving mean‑time‑to‑detect (MTTD) from 4 hours to under 2 hours.
- Cloud‑native security controls across AWS, Azure, and GCP. You’ll be the point person for configuring IAM roles in Okta and setting up least‑privilege policies that satisfy PCI‑DSS and SOC 2 requirements.
- The “security as code” framework that our developers rely on. Our current repo contains 1,300 lines of Terraform for guardrails; you’ll expand that to cover network segmentation and secret management.

Who you are

- Experience – 5+ years in information security, with at least three years in a SOC or threat‑hunting function. You’ve shipped at least two large‑scale security automation projects that reduced manual effort by 30 % or more.
- Technical chops – Proficient in Python (3+ years), Bash, and PowerShell; comfortable reading packet captures in Wireshark and building Zeek scripts. You can explain why a false‑positive rule in Splunk was triggering 8,000 events per hour and how you fixed it.
- Certifications – CISSP, GSEC, or CEH are nice to have; a recent OSCP or AWS Security Specialty will set you apart.
- Communication – You can translate a CVE‑2023‑28423 impact into plain English for a product manager in Findlay, Ohio and get a consensus on patch priority.
- Culture fit – Remote work isn’t a perk for us; it’s a necessity. You’re self‑motivated, keep a tidy task board in JIRA, and know how to balance “focus time” with the inevitable video‑call fire drills.

Our tech stack (just a taste)

1. Splunk Enterprise (SIEM)
2. CrowdStrike Falcon (EDR)
3. Qualys VM/PC (Vulnerability Management)
4. Checkmarx & SonarQube (SAST)
5. Trivy & Aqua (Container Scanning)
6. AWS GuardDuty, Azure Sentinel, GCP SCC (Cloud Threat Detection)
7. Terraform (IaC) and Pulumi (policy as code)
8. Okta (Identity & Access)
9. GitHub Actions (CI/CD)
10. JIRA Service Management (Ticketing)
11. Confluence & Notion (Documentation)
12. Python, Bash, PowerShell (Automation)

The human side of security

> “I still remember the first time I walked into a live incident call at 2 a.m. from my home office in Portland. My teammate in Findlay, Ohio was calm, explained the breach in plain language, and we closed the loop together. It reminded me why we’re here – protecting real people, not just logs.” – Maya Patel, Senior Threat Analyst

That moment is why we invest in a supportive on‑call rotation: each engineer gets a maximum of two consecutive weeks of 24/7 duty, followed by a three‑day “recovery” window where the whole team shares meals over Zoom.

What you’ll get in return

- Compensation – Base salary $120,000–$150,000 (commensurate with experience) plus quarterly performance bonus up to 10 % of base.
- Benefits – Fully remote work, a home‑office stipend of $1,200, health, dental, vision, 401(k) match up to 5 %, and 22 paid vacation days plus company holidays.
- Learning budget – $3,000 per year for conferences (Black Hat, DEFCON, RSA) or certifications, with a guaranteed time block for study.
- Career path – Clear ladder from Senior Engineer to Lead Security Architect, then to Director of Security Operations; internal mobility is the norm.

Life in Findlay, Ohio (even if you’re not there)

Our core office sits in the downtown district of Findlay, Ohio. While most of the team works from wherever they feel most productive, we host quarterly “security summits” at our Findlay office. Those days include hands‑on labs, a lunch‑and‑learn with the product team, and a tour of the local cyber‑museum. If you happen to live in Findlay, Ohio you’ll find a short walk to countless coffee shops where you can pop in for a quick sync, but you’re just as welcome joining from a beachfront condo in Bali.

Hiring process

1. Resume & short cover letter – Tell us about the most recent detection rule you wrote and the impact it had.
2. Technical screen (30 min) – A quick conversation with our recruiting lead about your background and remote work setup.
3. Live problem‑solving (90 min) – You’ll be given a small log file (no more than 200 KB) and asked to identify suspicious activity, explain your reasoning, and suggest a mitigation.
4. Team interview (60 min) – Meet the SOC manager, a senior engineer, and a product security analyst. Expect scenario‑based questions and a discussion of our quarterly security metrics.
5. Executive chat (30 min) – A brief conversation with the VP of Engineering to ensure alignment on career growth and company vision.

If you clear all steps, we’ll extend an offer within 5 business days.

Our commitment to diversity & inclusion

Security is strongest when the perspectives behind it are diverse.
We actively recruit candidates of all backgrounds, and we provide accommodations for neurodivergent applicants upon request. Our employee resource groups include women in security, LGBTQ+ allies, and veterans—each of which meets virtually at least once a month.

Final thoughts

We’re not looking for a checklist of buzzwords; we’re looking for a security professional who sees every alert as a story, every vulnerability as an opportunity to teach, and every patch as a promise to our customers. If you thrive on turning noisy data into clear action, enjoy mentoring junior analysts, and want to shape the security roadmap of a rapidly scaling SaaS business—all from the comfort of your own home—then we’d love to hear from you. Join a team that turns “security incidents” into “security successes.”