Staff Security Engineer

At FourKites we have the opportunity to tackle complex challenges with real-world impacts. Whether it’s medical supplies from Cardinal Health or groceries for Walmart, the FourKites platform helps customers operate global supply chains that are efficient, agile and sustainable.

Join a team of curious problem solvers that celebrates differences, leads with empathy and values inclusivity.

We are seeking a Security Lead with a strong background in cloud infrastructure security, security operations, and compliance. The ideal candidate will provide technical leadership across multi-cloud environments (AWS and Azure), security frameworks (ISO27001, PCI DSS, SOC 2), and modern security tools while bringing experience in SOC operations, vulnerability management, and security governance. This leadership role requires someone who can build and direct security teams, implement robust security controls, manage security incidents, and ensure compliance with industry standards. The Security Lead must excel at developing, implementing, and maintaining a comprehensive suite of security policies and procedures that align with organizational objectives and regulatory requirements.

• Lead the security team to deliver effective security services across the organization
• Contribute to security strategy and roadmap aligned with business objectives
• Provide technical guidance and mentorship to team members
• Serve as the security subject matter expert for management
• Drive security maturity improvements based on industry best practices
• Lead security governance meetings and present security metrics to stakeholders

• Lead the development, implementation, and maintenance of the organization's comprehensive security policy framework including:
• Identity and Access Management & Asset Management Procedures
• Access Control Policy
• Acceptable Usage Policy
• Data Classification and Protection Policies
• Information Security Management System (ISMS) Manual
• Cloud Security Policy and Cyber Security Policy
• Cryptography and Key Management Policy
• Network Security Procedures
• Application Security Standards
• Vulnerability Management Procedures
• Third Party Security Standards and Policies
• Software Development Lifecycle Procedures
• Risk Management Procedures
• Ensure policies adhere to ISO27001 requirements and maintain the Statement of Applicability
• Oversee the development and maintenance of Standard Operating Procedures for IT, DevOps, Admin, Product Support, Application, and Information Security teams
• Lead regular reviews and updates of the Risk Register and security policies

• Lead the implementation and management of security architecture across AWS and Azure environments
• Design and implement consistent security controls across multi-cloud platforms
• Oversee WAF solutions to protect web applications from threats
• Direct configuration and management of cloud security controls across cloud environments
• Guide implementation of container security measures
• Oversee cryptographic key management and security automation
• Implement cloud security best practices for both AWS and Azure

• Lead SOC team to ensure efficient cybersecurity monitoring, incident response, and threat management
• Oversee implementation and management of SIEM solutions
• Guide detection strategy and custom rule development
• Ensure effective incident response and threat management
• Coordinate security incident management and response

• Lead the development and maintenance of Business Continuity Plan and Disaster Recovery Plan
• Coordinate with stakeholders to ensure plans are regularly tested and updated
• Implement backup policies and procedures to ensure data availability

• Act as the primary liaison for internal, external, and regulatory audits
• Lead compliance efforts for ISO27001, PCI DSS, and SOC 2
• Coordinate vendor risk management activities
• Contribute to defining roles and responsibilities for ISMS, IT, and DevOps teams
• Lead preparation of documentation and evidence for compliance audits

• Guide development and implementation of physical and environmental security standards
• Oversee secure disposal processes
• Coordinate implementation of clear desk and clear screen procedures

• Lead the organization's vulnerability management program
• Coordinate vulnerability assessment and penetration testing initiatives
• Oversee remediation efforts
• Guide risk assessments and threat modeling
• Lead patch management implementation

• Develop security awareness strategy and training programs
• Coordinate phishing simulation campaigns
• Foster security culture development initiatives

• Strong leadership and team coordination abilities
• Tactical execution with ability to align security initiatives with business objectives
• Exceptional ability to develop clear, comprehensive, and effective security policies
• Strong analytical, troubleshooting, and problem-solving skills
• Excellent communication skills for collaborating with cross-functional teams and management
• Experience working as security lead across multiple business units
• Ability to translate complex security concepts for non-technical stakeholders
• Proactive approach to identifying and addressing security challenges

This leadership position offers the opportunity to lead security initiatives across multiple business entities while implementing cutting-edge security solutions and best practices. The role requires a candidate who can provide technical leadership and excel at developing and maintaining the comprehensive policy framework that governs the organization's security posture.
Who you are 

• 6+ years of information security experience with focus on cloud security and security operations
• Experience in a security leadership or team lead role
• Strong hands-on experience with multi-cloud platforms (AWS and Azure) and their security services
• Demonstrated experience implementing security frameworks and maintaining certifications (ISO27001, PCI DSS, SOC 2)
• Proven track record in developing, implementing, and managing comprehensive security policies
• Background in security monitoring, incident response, and vulnerability management
• Experience with container security and Kubernetes environments

• Security policy development and implementation
• Security team leadership and coordination
• Multi-cloud security implementation (AWS and Azure)
• Security monitoring and SIEM implementation (Wazuh, CrowdStrike Falcon)
• Cloud security tools and WAF configuration (Reblaze, AWS WAF, Azure WAF)
• Container security (NeuVector, Kubernetes security controls)
• Vulnerability assessment and penetration testing coordination
• Identity and access management, implementing least privilege principles
• Security automation and infrastructure as code

• ISO27001 Implementation experience will be a plus
• PCI DSS compliance expertise will be a plus
• SOC 2 compliance expertise will be a plus
• Cloud security certifications (AWS Security, Azure Security) will be a plus
• Security certifications (CISSP, CISM)will be a plus

Who we are:

FourKites®, the leader in AI-driven supply chain transformation for global enterprises and pioneer of real-time visibility, turns supply chain data into automated action. FourKites’ Intelligent Control Tower™ breaks down enterprise silos by creating a real-time digital twin of orders, shipments, inventory and assets. This comprehensive view, combined with AI-powered digital workers, enables companies to prevent disruptions, automate routine tasks, and optimize performance across As the leader in AI-driven supply chain transformation, FourKites pioneered the Intelligent Control Tower™ powered by the world’s largest real-time visibility network. Our platform creates comprehensive digital twins of your supply chain with AI-powered digital workers to automate resolution, improve collaboration and drive outcomes across all stakeholders. Unlike traditional control towers, we enable true real-time execution and intelligent fulfillment, transforming both your supply and customer.

Benefits 

• Medical benefits start on first day of employment
• 36 PTO days( Sick, Casual and Earned) , 5 recharge days, 2 volunteer days 
• Home Office setups and Technology reimbursement
• Lifestyle & Family benefits 
• Annual Swags/ Festive Swags
• Ongoing learning & development opportunities ( Professional development program, Toast Master club etc.)