Enterprise Security Manager

at Accretive Technology Group
💰 $150k-$250k

Job description

Accretive Technology Group — Enterprise Security Manager

Work Remotely From: Arizona, California, Colorado, Florida, Michigan, Missouri, Nevada, South Carolina, Texas, or Washington.

Onsite/Hybrid Option: Seattle, WA

About Accretive Technology Group: We are a Seattle-based tech company with more than 25 years of proven success. Privately owned, stable, and profitable, we’ve built our reputation on open-source values, a strong DIY spirit, and a deep respect for craftsmanship. Our teams are customer-obsessed and built around empowered engineers who love what they do.

Role Overview: Our engineering team is FOSS-first, deeply collaborative, and committed to building secure, scalable systems that serve a wide range of customers and partners worldwide.

We’re looking for a seasoned and hands-on Enterprise Security Manager to lead the development and execution of our security initiatives across enterprise, development, and production environments. This is a unique opportunity to take ownership of a growing practice and build a high-impact security team from the ground up.

As our Enterprise Security Manager, you’ll be responsible for establishing and maturing a comprehensive security strategy that spans multiple environments and aligns with compliance standards such as PCI-DSS.

You’ll partner closely with leadership and stakeholders across the business to design a long-term roadmap, shape internal security culture, and ultimately protect the integrity of our systems and services.

This role is a hybrid of strategic planning and technical execution — ideal for someone who has a broad understanding of modern security challenges and thrives in a fast-moving, distributed environment.

Key Responsibilities:

  • Build and lead a small, high-performing security team — hiring, mentoring, and developing engineers and analysts.
  • Define and drive the vision, roadmap, and execution of our security program across enterprise, development, and production environments.
  • Lead vulnerability management efforts, including internal/external scans, real-time monitoring, bug bounty programs, and vulnerability disclosure (VDP).
  • Design and implement tooling — including SIEM, SOAR, EDR, IDS, and logging platforms — to ensure visibility, threat detection, and automated response.
  • Monitor evolving threat landscapes, lead incident response protocols, and develop systems for proactive risk management.
  • Guide secure development efforts and partner with engineering teams on remediation strategies.
  • Serve as the primary point of contact for PCI-DSS compliance, including oversight of scanning, remediation, and certification. Ensure the team maintains active PCI-ISA credentials.
  • Lead audit readiness and evidence preparation for SOC 2, GAAP, and other regulatory IT audits, including control design and remediation efforts.
  • Partner cross-functionally with infrastructure, development, IT, and compliance to embed security throughout the organization.
  • Represent the company in the broader security community — contributing to research, attending or speaking at conferences, and helping elevate the team’s visibility.
  • Foster continuous learning by supporting training, certifications, and conference attendance for security team members.
  • Develop and communicate clear risk metrics, KPIs, and reports to leadership and stakeholders.

Qualifications:

  • Proven experience in information security, including leadership or management of technical teams.
  • Proven success building or scaling security programs in distributed, high-growth environments.
  • Deep understanding of secure systems and network architecture in production and enterprise environments.
  • Experience with both cloud and on-prem infrastructure security, endpoint protection, and secure SDLC.
  • Proficiency with scripting or development languages (Python, Go, Bash, etc.) and a strong belief in automation wherever possible.
  • Familiarity with compliance frameworks like PCI-DSS, SOC 2, and GAAP-aligned IT controls.
  • Strong communicator — clear, confident, and effective across technical and non-technical audiences.
  • Hands-on familiarity with security tools such as CrowdStrike, Wiz, ELK, Wazuh, Falco, Prometheus, Grafana, or similar platforms.

Who You Are:

  • Humble and collaborative — you work well across teams and mentor with patience and clarity.
  • Driven by craftsmanship — always looking to improve, automate, and harden systems.
  • Comfortable with complexity — you thrive in environments with nuance, ambiguity, and scale.
  • Security-minded but pragmatic — you understand that security needs to enable velocity, not block it.
  • Curious and engaged — you stay active in the security community, whether through talks, tools, or research.

Bonus Points If You…

  • Have given talks or published research at security conferences like DEFCON, Black Hat, ToorCon, etc.
  • Have experience with large-scale networking (BGP), DDoS mitigation, and globally distributed systems.
  • Enjoy analyzing high-volume log data and surfacing actionable insights.
  • Have participated in CTFs, red team exercises, or collegiate cyber competitions.
  • Are active in bug bounty programs — send us your profile!
  • Have deep knowledge of Linux internals, eBPF, WAF evasion, packet analysis, and related domains.
  • Have familiarity with Microsoft enterprise environments (Windows, Azure, and compliance considerations).
  • Hold certifications such as OSCP, OSCE, or similar (a plus, not required).
  • Earned a degree in a STEM or engineering discipline (also not required — skill matters most).

Perks & Benefits:

  • Employer-paid Medical, Dental, and Vision benefits
  • Life & Disability Insurance Coverage
  • Health Care FSA
  • Daycare FSA
  • 401(k) with a 50% contribution match (no limit)
  • Generous Vacation and PTO plan
  • Paid Holidays
  • Semi-Annual Profit Sharing
  • Gym/Equivalent Exercise Program Reimbursement
  • $175 transportation Reimbursement ($100 of this may be used for home internet for remote and hybrid employees)
  • Dedicated annual budget for training, certifications, and conference attendance
  • Flexible remote work (with the option to work from our Seattle HQ)
  • High ownership and impact — help build a world-class security program from the ground up

A reasonable, good-faith estimate of the minimum and maximum base salary for this position is $150K - $250K. This position will also include a profit sharing that is dependent on a variety of factors.

Accretive Technology Group is an Equal Employment Opportunity employer. All qualified candidates will receive consideration for employment without regard to race, color, religion, sex, or national origin.

  • Unfortunately, we do not provide visa sponsorship, visa transfer, or corp-corp arrangements.
  • Agencies - NO unsolicited submissions will be accepted and if any Agency does submit an unsolicited candidate that Agency shall have no recourse from Accretive Technology Group.
Share this job:
Please let Accretive Technology Group know you found this job on Remote First Jobs 🙏

Similar Remote Jobs

Benefits of using Remote First Jobs

Discover Hidden Jobs

Unique jobs you won't find on other job boards.

Advanced Filters

Filter by category, benefits, seniority, and more.

Priority Job Alerts

Get timely alerts for new job openings every day.

Manage Your Job Hunt

Save jobs you like and keep a simple list of your applications.

Search remote, work from home, 100% online jobs

We help you connect with top remote-first companies.

Search jobs

Hiring remote talent? Post a job

Frequently Asked Questions

What makes Remote First Jobs different from other job boards?

Unlike other job boards that only show jobs from companies that pay to post, we actively scan over 20,000 companies to find remote positions. This means you get access to thousands more jobs, including ones from companies that don't typically post on traditional job boards. Our platform is dedicated to fully remote positions, focusing on companies that have adopted remote work as their standard practice.

How often are new jobs added?

New jobs are constantly being added as our system checks company websites every day. We process thousands of jobs daily to ensure you have access to the most up-to-date remote job listings. Our algorithms scan over 20,000 different sources daily, adding jobs to the board the moment they appear.

Can I trust the job listings on Remote First Jobs?

Yes! We verify all job listings and companies to ensure they're legitimate. Our system automatically filters out spam, junk, and fake jobs to ensure you only see real remote opportunities.

Can I suggest companies to be added to your search?

Yes! We're always looking to expand our listings and appreciate suggestions from our community. If you know of companies offering remote positions that should be included in our search, please let us know. We actively work to increase our coverage of remote job opportunities.

How do I apply for jobs?

When you find a job you're interested in, simply click the 'Apply Now' button on the job listing. This will take you directly to the company's application page. We kindly ask you to mention that you found the position through Remote First Jobs when applying, as it helps us grow and improve our service 🙏

Apply