Accretive Technology Group — Enterprise Security Manager

Work Remotely From: Arizona, California, Colorado, Florida, Michigan, Missouri, Nevada, South Carolina, Texas, or Washington.

Onsite/Hybrid Option: Seattle, WA

About Accretive Technology Group: We are a Seattle-based tech company with more than 25 years of proven success. Privately owned, stable, and profitable, we’ve built our reputation on open-source values, a strong DIY spirit, and a deep respect for craftsmanship. Our teams are customer-obsessed and built around empowered engineers who love what they do.

Role Overview: Our engineering team is FOSS-first, deeply collaborative, and committed to building secure, scalable systems that serve a wide range of customers and partners worldwide.

We’re looking for a seasoned and hands-on Enterprise Security Manager to lead the development and execution of our security initiatives across enterprise, development, and production environments. This is a unique opportunity to take ownership of a growing practice and build a high-impact security team from the ground up.

As our Enterprise Security Manager, you’ll be responsible for establishing and maturing a comprehensive security strategy that spans multiple environments and aligns with compliance standards such as PCI-DSS.

You'll partner closely with leadership and stakeholders across the business to design a long-term roadmap, shape internal security culture, and ultimately protect the integrity of our systems and services.

This role is a hybrid of strategic planning and technical execution — ideal for someone who has a broad understanding of modern security challenges and thrives in a fast-moving, distributed environment.

Key Responsibilities:

• Build and lead a small, high-performing security team — hiring, mentoring, and developing engineers and analysts.
• Define and drive the vision, roadmap, and execution of our security program across enterprise, development, and production environments.
• Lead vulnerability management efforts, including internal/external scans, real-time monitoring, bug bounty programs, and vulnerability disclosure (VDP).
• Design and implement tooling — including SIEM, SOAR, EDR, IDS, and logging platforms — to ensure visibility, threat detection, and automated response.
• Monitor evolving threat landscapes, lead incident response protocols, and develop systems for proactive risk management.
• Guide secure development efforts and partner with engineering teams on remediation strategies.
• Serve as the primary point of contact for PCI-DSS compliance, including oversight of scanning, remediation, and certification. Ensure the team maintains active PCI-ISA credentials.
• Lead audit readiness and evidence preparation for SOC 2, GAAP, and other regulatory IT audits, including control design and remediation efforts.
• Partner cross-functionally with infrastructure, development, IT, and compliance to embed security throughout the organization.
• Represent the company in the broader security community — contributing to research, attending or speaking at conferences, and helping elevate the team’s visibility.
• Foster continuous learning by supporting training, certifications, and conference attendance for security team members.
• Develop and communicate clear risk metrics, KPIs, and reports to leadership and stakeholders.

Qualifications:

• Proven experience in information security, including leadership or management of technical teams.
• Proven success building or scaling security programs in distributed, high-growth environments.
• Deep understanding of secure systems and network architecture in production and enterprise environments.
• Experience with both cloud and on-prem infrastructure security, endpoint protection, and secure SDLC.
• Proficiency with scripting or development languages (Python, Go, Bash, etc.) and a strong belief in automation wherever possible.
• Familiarity with compliance frameworks like PCI-DSS, SOC 2, and GAAP-aligned IT controls.
• Strong communicator — clear, confident, and effective across technical and non-technical audiences.
• Hands-on familiarity with security tools such as CrowdStrike, Wiz, ELK, Wazuh, Falco, Prometheus, Grafana, or similar platforms.

Who You Are:

• Humble and collaborative — you work well across teams and mentor with patience and clarity.
• Driven by craftsmanship — always looking to improve, automate, and harden systems.
• Comfortable with complexity — you thrive in environments with nuance, ambiguity, and scale.
• Security-minded but pragmatic — you understand that security needs to enable velocity, not block it.
• Curious and engaged — you stay active in the security community, whether through talks, tools, or research.

Bonus Points If You…

• Have given talks or published research at security conferences like DEFCON, Black Hat, ToorCon, etc.
• Have experience with large-scale networking (BGP), DDoS mitigation, and globally distributed systems.
• Enjoy analyzing high-volume log data and surfacing actionable insights.
• Have participated in CTFs, red team exercises, or collegiate cyber competitions.
• Are active in bug bounty programs — send us your profile!
• Have deep knowledge of Linux internals, eBPF, WAF evasion, packet analysis, and related domains.
• Have familiarity with Microsoft enterprise environments (Windows, Azure, and compliance considerations).
• Hold certifications such as OSCP, OSCE, or similar (a plus, not required).
• Earned a degree in a STEM or engineering discipline (also not required — skill matters most).

Perks & Benefits:

• Employer-paid Medical, Dental, and Vision benefits
• Life & Disability Insurance Coverage
• Health Care FSA
• Daycare FSA
• 401(k) with a 50% contribution match (no limit)
• Generous Vacation and PTO plan
• Paid Holidays
• Semi-Annual Profit Sharing
• Gym/Equivalent Exercise Program Reimbursement
• $175 transportation Reimbursement ($100 of this may be used for home internet for remote and hybrid employees)
• Dedicated annual budget for training, certifications, and conference attendance
• Flexible remote work (with the option to work from our Seattle HQ)
• High ownership and impact — help build a world-class security program from the ground up

A reasonable, good-faith estimate of the minimum and maximum base salary for this position is $150K - $250K. This position will also include a profit sharing that is dependent on a variety of factors.

Accretive Technology Group is an Equal Employment Opportunity employer. All qualified candidates will receive consideration for employment without regard to race, color, religion, sex, or national origin.

• Unfortunately, we do not provide visa sponsorship, visa transfer, or corp-corp arrangements.
• Agencies - NO unsolicited submissions will be accepted and if any Agency does submit an unsolicited candidate that Agency shall have no recourse from Accretive Technology Group.