Senior Information Security Engineer

About Cimpress:

Led by founder and CEO Robert Keane, Cimpress invests in and helps build customer-focused, entrepreneurial mass customization businesses. Through the personalized physical (and digital) products these companies create,we empower over 17 million global customers to make an impression. Last year, Cimpress generated $3.5B in revenue through customized print products, signage, apparel, packaging and more. The Cimpress family includes a dynamic, international group of businesses and central teams, all working to solve problems, build businesses, innovate and improve.

As a National Pen brand, Pens.com provides custom marketing solutions to 22 countries worldwide, fostering global connections between businesses and their customers. We specialize in personalized promotional products, including writing instruments, stationery, drinkware, bags, gifts, and trade show accessories. Our operations are supported by a network of 9 facilities across North America, Europe, Africa, and India. This global presence underscores our commitment to the timely delivery of our products and services to customers across the markets we serve.

About the Role:

We are looking for a Senior Information Security Engineer who is hands-on, takes full ownership, and delivers results independently. This is not a role where you wait for instructions. You will be expected to lead security initiatives across cloud environments, drive incident response from detection to resolution, manage vulnerabilities end to end, and provide practical security architecture guidance that teams can actually implement. You will work across multiple InfoSec domains and coordinate with cross-functional stakeholders, and be the go-to person the organisation relies on when security matters. You will be part of a lean security team that collectively owns and operates across all of these domains, so the ability to wear multiple hats, switch context quickly, and contribute wherever needed is essential.

The ideal candidate brings deep technical expertise across cloud security, SOC operations, incident response, digital forensics, vulnerability management, and threat intelligence. You should be equally comfortable investigating a P1 incident whenever such situation arises. If you thrive in environments that demand ownership, independent execution, and practical problem-solving over checkbox compliance, this role is built for you.

Mandatory Skills & Requirements:

All of the following are mandatory requirements for this role. Candidates must demonstrate hands-on, practical experience in each of these areas. Theoretical knowledge alone is not sufficient.

Cloud Security and Security Architecture

• Perform hands-on security architecture reviews for workloads deployed across AWS, OCI, Azure, and GCP, ensuring alignment with CIS Benchmarks, CSA Cloud Controls Matrix (CCM), and the NIST Cybersecurity Framework (CSF).
• Evaluate and provide actionable security recommendations for IaaS, PaaS, and SaaS environments, covering but not limited to network segmentation, identity and access management (IAM), encryption, logging, and data protection.
• Review cloud & application resource configurations, threat modelling, infrastructure-as-code templates, and deployment pipelines to identify security gaps before they reach production.
• Collaborate with engineering and DevOps teams to embed security controls into the software development lifecycle (SDLC) and cloud deployment workflows, following the principles of the AWS Well-Architected Framework Security Pillar and Azure Security Benchmark.

Vulnerability Management

• Own the end-to-end vulnerability management lifecycle: identification, assessment, prioritisation, tracking, remediation coordination, and stakeholder reporting.
• Operate and manage vulnerability assessment tools, specifically Orca Security, Microsoft Defender Security Posture Management, and Azure Security Posture Management, to maintain continuous visibility across the cloud estate.
• Coordinate remediation of findings from annual external penetration tests, working directly with application and infrastructure teams to drive timely closure within agreed SLAs, and independently validate fixes through retesting.
• Produce vulnerability trend reports, communicate remediation progress and residual risk to technical and non-technical stakeholders.
• Apply CVSS, EPSS, and risk-based prioritisation methodologies (aligned with frameworks such as NIST SP 800-40 and OWASP Risk Rating) to ensure remediation efforts are focused on what matters most.

SOC, Incident Response, and Digital Forensics

• Perform Security Operations Center (SOC) activities, including alert triage, threat hunting, and investigation of security events across the environment.
• Lead and coordinate end-to-end incident response for security incidents, following the NIST SP 800-61 Incident Handling framework and the SANS Incident Response Process (Preparation, Identification, Containment, Eradication, Recovery, Lessons Learned).
• Conduct hands-on digital forensics investigations, including evidence collection, analysis, timeline reconstruction, and root cause determination.
• Operate and manage CrowdStrike EDR for endpoint detection, threat hunting, SOAR Automation, use case implementation and response actions across the endpoint fleet.
• Utilise Hunters.io/Splunk/QRadar SIEM for log correlation, alert management, use case implementation and building detection rules to improve SOC detection coverage.
• Prepare detailed incident reports, conduct post-incident reviews, and drive remediation actions to prevent recurrence.
• Map adversary tactics and techniques to the MITRE ATT&CK Framework to strengthen detection engineering and improve threat visibility.

Threat Intelligence

• Leverage Dark & Deep Web Monitoring tool like Google Threat Intelligence (GTI)/Cyble/Flare.io, CloudSek etc. to proactively identify, analyse, and contextualise threats relevant to the organisation.
• Monitor and assess emerging threats, vulnerabilities, and attack trends, incorporating intelligence from open-source threat feeds, ISAC reports, and vendor advisories alongside GTI findings.
• Contribute to the development of threat-informed defence strategies using the MITRE ATT&CK Framework, the Cyber Kill Chain model, and the Diamond Model of Intrusion Analysis.

Secure Code and Supply Chain Security

• Operate SAST tooling and Snyk/SonarQube (SCA) to help development teams identify and remediate code-level and dependency vulnerabilities across the SDLC.

Cross-Functional Collaboration and Stakeholder Management

• Serve as the point of contact for internal teams, providing clear and practical guidance on security-related queries and decisions. Translating complex technical findings into clear, understandable language for non-technical stakeholder, ensuring security outcomes drive informed business decisions.
• Coordinate and communicate effectively with engineering, IT operations, and compliance teams during security incidents, reviews, and project engagements.
• Drive security awareness and best practices across the organisation through documentation, knowledge sharing, and advisory support.

Preferred Certifications

• CompTIA Security+, CEH, CCNA Security
• Cloud security certifications such as AWS Certified Security – Specialty, AZ-500 (Azure Security Engineer Associate), Google Professional Cloud Security Engineer, or CCSP (Certified Cloud Security Professional).

Good to Have

• CISM, CISSP, CISA

Experience required:

• Minimum 4+ years of hands-on experience in Information Security or Cybersecurity roles, with demonstrated depth across the mandatory skill domains listed above.
• Candidates with a strong progression from roles like Cloud Security, Endpoint Security, Network Security, SOC, Security Architect, Threat Intelligence, Application Security, Data Security, Perimeter Security into Senior Security Engineering positions are encouraged to apply.
• Experience working in multi-cloud environments and coordinating security operations across distributed teams is strongly valued.

Why You'll Love Working Here:

Being at Cimpress means that you don’t see work as just a building, a desk or a manufacturing floor. You see it as a chance to take a step forward in your career journey – and your life. We strive to give you everything you need to learn, grow, and succeed. Through innovation, collaboration, and perpetual exposure to what’s next, we’re always pushing boundaries and broadening our horizons. We embrace the chance to operate outside of our comfort zone to discover what we’re capable of. Some might call that a challenge; we just call it another great day at work.

Equal Opportunity Employer:

Cimpress, is an Equal Employment Opportunity Employer. All qualified candidates will receive consideration for employment without regard to race, color, sex, national or ethnic origin, nationality, age, religion, citizenship, disability, medical condition, sexual orientation, gender identity, gender presentation, legal or preferred name, marital status, pregnancy, family structure, veteran status or any other basis protected by human rights laws or regulations. This list is not exhaustive and, in fact, in many cases, we strive to do more than the law requires.

We're Remote-First:

In 2020, Cimpress adopted a Remote-First operating model and culture. We heard from our team members that having the freedom, autonomy and trust in each other to work from home and, the ability to operate when they are most productive, empowers them to be their best. Vista also provides collaboration spaces for team members to work physically together when it's safe to do so and when in-person collaboration will deliver the best results. Currently we are enabled to hire remote team members in over 30 US States as well as several countries in Europe, including Spain, Germany, UK, Czech Republic, the Netherlands and Switzerland.