Canopy is looking for a Security Engineer to join our growing team and help execute on our security roadmap. In this role, you will focus on detection engineering, compliance operations, and customer-facing security activities. This is a great opportunity for someone who thrives on operational security work and wants to grow within a collaborative, fast-moving SaaS environment.
What You'll Do
- Write, tune, and maintain detection rules in Datadog (SIEM) to identify threats, reduce false positives, and improve alert quality.
- Support SOC 2 audit cycles, including evidence collection, control mapping, and auditor coordination within Drata.
- Drive progress on Trust Services Criteria (TSC) expansion and CIS Controls v8 implementation, mapping controls and documenting evidence.
- Respond to customer security questionnaires and support customer-facing compliance activities.
- Assist with endpoint security operations under senior direction, including JAMF Pro, SentinelOne or CrowdStrike Falcon, and Cloudflare Zero Trust.
- Help maintain and improve compliance documentation, security policies, and internal procedures.
- Execute on security roadmap items across detection, compliance, and operational security.
What We're Looking For
- 3+ years of experience in information security, with hands-on work in detection engineering, compliance, or security operations.
- Experience working at a SaaS company.
- Practical detection engineering skills, including writing and tuning rules in a production SIEM (Datadog preferred, Splunk, Elastic, or similar).
- Hands-on experience with a GRC platform (Drata, Vanta, or equivalent), not just theoretical SOC 2 knowledge.
- Experience responding to customer security questionnaires and supporting external audits.
- Familiarity with compliance frameworks such as SOC 2, CIS Controls, or NIST CSF.
- Strong attention to detail and ability to manage multiple compliance and security workstreams simultaneously.
- Clear written and verbal communication skills, particularly for customer-facing compliance work.
Nice to Have
- Experience with endpoint security tools (JAMF Pro, SentinelOne, CrowdStrike Falcon, or Cloudflare Zero Trust).
- Familiarity with macOS MDM/fleet management and endpoint hardening.
- Exposure to DLP policy authoring, secure web gateway deployment, or CASB configuration.
- Relevant certifications (Security+, GSEC, CCSK, or similar).
- Experience with AWS security services or cloud security fundamentals.
Technical Stack
- Datadog
- Drata
- JAMF Pro
- SentinelOne
- CrowdStrike Falcon
- Cloudflare Zero Trust
Team & Environment
You will be reporting to the Director of DevOps, Security & IT.
Benefits & Compensation
- Flexible Paid Time Off, plus 10 company holidays
- Health Benefits including Medical, Dental, and Vision and an HSA Match
- 401(k) with 100% match up to 3% of your contribution, immediate eligibility with 100% vesting
- Mental Health support via Impact Suite & Employee Assistance Program (EAP)
- Paid New Parent Leave & Birthing Parent Leave
- Supplemental Benefits including 100% company paid Basic Life & AD&D insurance and long & short-term disability coverage
- Nectar peer-to-peer recognition program
- Company Events including monthly company-wide meetings, summer parties, and more
- ERG Committees to plan initiatives around continuing education, community outreach, recruiting, onboarding, and more
- Fully-stocked kitchen
Work Mode
This is a hybrid position based in South Jordan, UT.
Canopy is an equal-opportunity employer. Canopy provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, gender, national origin, sexual orientation, gender identity or expression, age, disability, genetic information, marital status, or veteran status.
