Enterprise Security Manager
Accretive Technology Group — Enterprise Security Manager
Work Remotely From: Arizona, California, Colorado, Florida, Michigan, Missouri, Nevada, South Carolina, Texas, or Washington.
Onsite/Hybrid Option: Seattle, WA
About Accretive Technology Group: We are a Seattle-based tech company with more than 25 years of proven success. Privately owned, stable, and profitable, we’ve built our reputation on open-source values, a strong DIY spirit, and a deep respect for craftsmanship. Our teams are customer-obsessed and built around empowered engineers who love what they do.
Role Overview: Our engineering team is FOSS-first, deeply collaborative, and committed to building secure, scalable systems that serve a wide range of customers and partners worldwide.
We’re looking for a seasoned and hands-on Enterprise Security Manager to lead the development and execution of our security initiatives across enterprise, development, and production environments. This is a unique opportunity to take ownership of a growing practice and build a high-impact security team from the ground up.
As our Enterprise Security Manager, you’ll be responsible for establishing and maturing a comprehensive security strategy that spans multiple environments and aligns with compliance standards such as PCI-DSS.
You'll partner closely with leadership and stakeholders across the business to design a long-term roadmap, shape internal security culture, and ultimately protect the integrity of our systems and services.
This role is a hybrid of strategic planning and technical execution — ideal for someone who has a broad understanding of modern security challenges and thrives in a fast-moving, distributed environment.
Key Responsibilities:
- Build and lead a small, high-performing security team — hiring, mentoring, and developing engineers and analysts.
- Define and drive the vision, roadmap, and execution of our security program across enterprise, development, and production environments.
- Lead vulnerability management efforts, including internal/external scans, real-time monitoring, bug bounty programs, and vulnerability disclosure (VDP).
- Design and implement tooling — including SIEM, SOAR, EDR, IDS, and logging platforms — to ensure visibility, threat detection, and automated response.
- Monitor evolving threat landscapes, lead incident response protocols, and develop systems for proactive risk management.
- Guide secure development efforts and partner with engineering teams on remediation strategies.
- Serve as the primary point of contact for PCI-DSS compliance, including oversight of scanning, remediation, and certification. Ensure the team maintains active PCI-ISA credentials.
- Lead audit readiness and evidence preparation for SOC 2, GAAP, and other regulatory IT audits, including control design and remediation efforts.
- Partner cross-functionally with infrastructure, development, IT, and compliance to embed security throughout the organization.
- Represent the company in the broader security community — contributing to research, attending or speaking at conferences, and helping elevate the team’s visibility.
- Foster continuous learning by supporting training, certifications, and conference attendance for security team members.
- Develop and communicate clear risk metrics, KPIs, and reports to leadership and stakeholders.
Qualifications:
- Proven experience in information security, including leadership or management of technical teams.
- Proven success building or scaling security programs in distributed, high-growth environments.
- Deep understanding of secure systems and network architecture in production and enterprise environments.
- Experience with both cloud and on-prem infrastructure security, endpoint protection, and secure SDLC.
- Proficiency with scripting or development languages (Python, Go, Bash, etc.) and a strong belief in automation wherever possible.
- Familiarity with compliance frameworks like PCI-DSS, SOC 2, and GAAP-aligned IT controls.
- Strong communicator — clear, confident, and effective across technical and non-technical audiences.
- Hands-on familiarity with security tools such as CrowdStrike, Wiz, ELK, Wazuh, Falco, Prometheus, Grafana, or similar platforms.
Who You Are:
- Humble and collaborative — you work well across teams and mentor with patience and clarity.
- Driven by craftsmanship — always looking to improve, automate, and harden systems.
- Comfortable with complexity — you thrive in environments with nuance, ambiguity, and scale.
- Security-minded but pragmatic — you understand that security needs to enable velocity, not block it.
- Curious and engaged — you stay active in the security community, whether through talks, tools, or research.
Bonus Points If You…
- Have given talks or published research at security conferences like DEFCON, Black Hat, ToorCon, etc.
- Have experience with large-scale networking (BGP), DDoS mitigation, and globally distributed systems.
- Enjoy analyzing high-volume log data and surfacing actionable insights.
- Have participated in CTFs, red team exercises, or collegiate cyber competitions.
- Are active in bug bounty programs — send us your profile!
- Have deep knowledge of Linux internals, eBPF, WAF evasion, packet analysis, and related domains.
- Have familiarity with Microsoft enterprise environments (Windows, Azure, and compliance considerations).
- Hold certifications such as OSCP, OSCE, or similar (a plus, not required).
- Earned a degree in a STEM or engineering discipline (also not required — skill matters most).
Perks & Benefits:
- Employer-paid Medical, Dental, and Vision benefits
- Life & Disability Insurance Coverage
- Health Care FSA
- Daycare FSA
- 401(k) with a 50% contribution match (no limit)
- Generous Vacation and PTO plan
- Paid Holidays
- Semi-Annual Profit Sharing
- Gym/Equivalent Exercise Program Reimbursement
- $175 transportation Reimbursement ($100 of this may be used for home internet for remote and hybrid employees)
- Dedicated annual budget for training, certifications, and conference attendance
- Flexible remote work (with the option to work from our Seattle HQ)
- High ownership and impact — help build a world-class security program from the ground up
A reasonable, good-faith estimate of the minimum and maximum base salary for this position is $150K - $250K. This position will also include a profit sharing that is dependent on a variety of factors.
Accretive Technology Group is an Equal Employment Opportunity employer. All qualified candidates will receive consideration for employment without regard to race, color, religion, sex, or national origin.
- Unfortunately, we do not provide visa sponsorship, visa transfer, or corp-corp arrangements.
- Agencies - NO unsolicited submissions will be accepted and if any Agency does submit an unsolicited candidate that Agency shall have no recourse from Accretive Technology Group.