Job Description

Job Description

Job Description

About SpotOn

We’re not just building restaurant tech, we’re giving independent restaurants the tools to compete and win. From our award-winning point-of-sale to AI-powered profit tools, everything we do helps operators boost profit, work smarter, and keep their best people. And every solution is backed by real humans who actually give a sh*t about helping restaurants succeed.

• Named the #1 Restaurant POS by G2 (Fall 2025), based on ratings from real users

• Rated the top-rated point-of-sale (POS) for restaurants, bars, retail, and small businesses by Capterra users

• Awarded Great Places to Work and Built In’s Best Workplaces for multiple years running

We move fast, care hard, and fight for independent restaurant operators to do what they love, and love doing it. If you’re looking to make an impact with heart and hustle, SpotOn is the place for you.

We are seeking a Trust & Safety Engineer to help protect our SaaS-based eCommerce platform by blending compliance engineering with security operations. In this role, you will build, operate, and automate security controls while designing infrastructure that meets the highest standards of trust and safety. This role blends compliance engineering, security operations, and risk monitoring. You will be responsible for ensuring our systems meet regulatory and trust requirements (SOC 2, ISO 27001, PCI DSS, GDPR/CCPA) while also leading core security detection, monitoring, and incident response capabilities. We believe that trust is earned—and sustained—through transparency, accountability, and secure engineering. As a Trust, Safety & Security Operations Engineer, you’ll help us ensure our business, systems, and people operate with integrity and compliance at every level.

What You’ll Do

Incident Response & Security Operations

• Lead security incident response efforts, including containment, investigation, root cause analysis, and post-incident reviews. You must be able to organize complex information, initiate response workflows, and confidently lead calls with key stakeholders.

• Manage and monitor endpoint security tools (e.g., CrowdStrike). You must be familiar with modern security requirements for managed devices including laptops, containerized resources, servers, and mobile devices.

• Operate and enhance security monitoring and alerting across cloud, SaaS, endpoint, and identity environments.

• Triage and investigate security alerts related to access misuse, policy violations, suspicious activity, and data exposure.

• Maintain and tune SIEM detections, alert thresholds, and response playbooks.

• Leverage AI tools and technologies to enhance Security Operations

Compliance Engineering & Automation

• Lead the technical requirements to enable automation capabilities to improve time-to-respond, evidence collection, and overall efficacy for visibility and reporting.

• Implement and automate compliance workflows by building integrations that support SOC 2, ISO 27001, PCI DSS, and privacy initiatives.

• Ensure evidence is collected automatically and control performance is continuously validated.

• Translate policies into technical solutions, and annually maintain policies to ensure they remain current with evolving business and regulatory needs.

• Evaluate risk posture and technical requirements for third-party vendors to ensure alignment with internal trust and security standards.

• Identify areas for AI tools and technologies to enhance GRC functions

Data Protection & Risk Management

• Engineer and maintain data protection controls—including encryption, logging, access management, data retention, and proper storage and segregation of PII.

• Conduct periodic user access reviews and implement least-privilege access controls and privileged access workflows.

• Detect and investigate insider risk indicators and anomalous access patterns.

• Secure by Design: Partner with product, engineering, and IT teams to embed compliance-by-design principles into new systems and business processes.

What You’ll Bring

Experience & Education

• 3–7 years of experience in security engineering, compliance automation, Security Operations, or GRC-aligned roles in a SaaS or eCommerce environment.

• Bachelor’s degree in Computer Science, Cybersecurity, Information Systems, or related field (or equivalent experience).

• Certifications: CISSP is preferred but not required

Technical Skills

• Hands-on experience implementing and administering endpoint management & security technologies

• Understanding of compliance frameworks including SOC 2, PCI DSS, GDPR, and CCPA.

• Hands-on experience securing cloud platforms and SaaS management tools.

• Proficiency in scripting (Python, PowerShell, Bash)

• Experience leveraging AI tools and technologies to create opportunities for optimization, automation, and intelligent use of data integrations.

• Experience administering a SIEM, alerting, and incident response workflows.

• Experience with compliance automation platforms (e.g., Drata)

• Background in risk scoring or control maturity frameworks.

Soft Skills

• Comfortable leading large calls with key stakeholders and explaining technical controls to non-technical audiences.

• A bias for action; you are a self-starter comfortable working autonomously.

• Possess intellectual curiosity at all times

• Desire to build and maintain relationships across the business including both technical and non-technical teams

We will never ask candidates to pay fees, purchase equipment, or share sensitive personal or financial information during the hiring process. All legitimate communication from our recruiting team will come from an official company email address (@ spoton.com ). If something seems suspicious, please contact us at careers@spoton.com .

SpotOn is an equal employment opportunity employer. Qualified candidates are considered for employment without regard to race, religion, gender, gender identity, sexual orientation, national origin, age, military or veteran status, disability, or any other characteristic protected by applicable law.

SpotOn is an E-Verify company.

Job Tags

Similar Jobs