The Senior Security Engineer will enhance security for Onit's SaaS applications, lead cloud security initiatives, drive incident response, and collaborate across teams to ensure strong security practices.
About Onit:
We're redefining the future of legal operations through the power of AI. Our cutting-edge platform streamlines enterprise legal management, matter management, spend management and contract lifecycle processes, transforming manual workflows into intelligent, automated solutions.
We’re a team of innovators using AI at the core to help legal departments become faster, smarter, and more strategic. As we continue to grow and expand the capabilities of our new AI-centric platform, we’re looking for bold thinkers and builders who are excited to shape the next chapter of legal tech.
If you're energized by meaningful work, love solving complex problems, and want to help modernize how legal teams operate, we’d love to meet you.
Onit, Inc. is seeking a seasoned security professional to strengthen the security of our enterprise SaaS applications and corporate infrastructure. In this role, you’ll lead cloud security initiatives, drive incident response, and collaborate across teams to ensure a robust security posture. If you’re passionate about solving complex security challenges and influencing best practices, we’d love to hear from you.
Responsibilities:
- Support the Onit security function during US Central Time business hours.
- Implement and manage cloud-native security tools and third-party solutions for threat detection and incident response.
- Define, maintain, and execute the Incident Response plan, investigating and resolving incident escalations.
- Perform regular risk assessments and vulnerability scans of cloud infrastructure, ensuring timely remediation.
- Collaborate with Dev, DevOps, and Infra teams to remediate identified vulnerabilities, discuss security best practices, and assist with security incident response.
- Analyze EDR alerts and logs to identify potential security incidents, taking appropriate action.
- Continuously evaluate and implement security tools and practices to enhance the security posture of the Onit environment.
- Assist with application security reviews and threat modeling.
- Assist with security awareness programs for employees regarding security best practices
Requirements:
- Minimum of 5 years of experience in information security, with at least 3 years focused on cloud security for enterprise SaaS applications.
- Proficient in AWS with a strong understanding of AWS networking/VPC, IAM, Security Groups, EC2, RDS, S3, and containers (EKS/ECS).
- Extensive hands-on experience investigating security incidents, along with the creation, management, and execution of security runbooks / playbooks.
- This includes the ability to search logs in CloudTrail, CloudWatch, VPC Flow logs, etc.
- Experience with tooling for network (e.g. Wireshark) and host forensics
- Knowledge of various AWS Native Security tools, security frameworks, and CSPM tools.
- Experience in security tools such as vulnerability scanners, IDS/IPS, SIEM, firewalls, and endpoint security monitoring.
- Experience with threat detection and threat intelligence.
- Must be proficient in Linux.
- Application security experience with an understanding of SAST, DAST, SBOMs, and other scans and artifacts to help improve application security posture
- Experience with AWS Guard Duty and CrowdStrike or equivalent.
- Strong communication, problem-solving, and collaboration skills.
Desired:
- Experience with Cloudflare and/or AWS WAF configurations.
- Automation experience with one or more of the following: AWS CLI, Bash, Python, Ansible to verify security configurations and automate runbooks is a plus.
- Experience with Microsoft Entra and Mimecast.
- Familiarity with security frameworks such as NIST CSF 2.0.
- Experience with container security (beyond EKS/ECS, e.g., image scanning tools like Trivy).
- Familiarity with CI/CD pipeline security.
- Knowledge of Zero Trust architecture.
- Certifications such as CCSP, AWS Security, OSCP, or equivalent are a plus.
At Onit, we’re committed to offering fair and competitive compensation. In addition to base pay, associates are eligible for an annual discretionary bonus. The final base salary you receive will reflect factors such as your skills, education, experience, and work location.
Benefits & Perks That Support You:
Onit offers a comprehensive total rewards package designed to support the whole employee at work and beyond:
Health Coverage Choices: Three medical plan options, plus dental and vision, so you can choose what fits best. Employees on our HDHP plan also receive employer contribution to the HSA.
Retirement Savings: 401(k) with a 100% match on the first 3% and 50% on the next 2% of employee contributions.
Time Away: Flexible paid time off, 7 sick days, and 9 paid company holidays annually.
Family Support: Exceptional paid leave for birth parents, non-birth parents, and caregivers. Onit also offers surrogacy and adoption reimbursement.
Income Protection: 100% employer-paid life and disability insurance.
Additional Coverage Options: Voluntary benefits including hospital indemnity, critical illness, accident, and even pet insurance.
Tax-Advantaged Accounts: Healthcare FSA, HSA, and dependent care FSA.
Community Engagement: One paid volunteer day each year to give back to the community.
Our Commitment to Applicants
We know that not everyone will check every box in a job description. At Onit, we value diversity, inclusion, and authenticity. If you’re excited about this role but your experience doesn’t align perfectly with every qualification, we encourage you to apply. You may be exactly who we’re looking for.
This position will remain open for applications for 7 calendar days from the posting date.
Top Skills
Ansible
AWS
Aws Waf
Ci/Cd
Cloudflare
Cloudtrail
Cloudwatch
Edr
Ids
Ips
Linux
Python
Security Tools
SIEM
Vulnerability Scanners
Similar Jobs
.png)
Big Data • Healthtech • HR Tech • Machine Learning • Software • Telehealth • Big Data Analytics
The Senior Security Engineer will secure patient data, lead security initiatives, manage vulnerabilities, and advocate for a security culture in the organization.
Top Skills:
AWSElasticsearchIstioKubernetesNatsNode.jsPostgresPythonReactTerraformTypescript
Artificial Intelligence • eCommerce • Information Technology • Internet of Things • Automation
As a Senior Security Engineer, you'll design and manage IAM and IGA solutions, collaborating across Agile teams to enhance security and compliance.
Top Skills:
Azure Active DirectoryEntra IdForgerockIamIdentity Governance And AdministrationMimOauthOidcOktaSailpointSAMLScim
AdTech • Artificial Intelligence • Big Data • Machine Learning • Marketing Tech • Mobile • Software
The Senior Security Engineer will establish secure software development standards, conduct security assessments, and develop security tools while fostering a security-conscious culture across teams.
Top Skills:
ClojureGoJavaScriptPython
What you need to know about the Boston Tech Scene
Boston is a powerhouse for technology innovation thanks to world-class research universities like MIT and Harvard and a robust pipeline of venture capital investment. Host to the first telephone call and one of the first general-purpose computers ever put into use, Boston is now a hub for biotechnology, robotics and artificial intelligence — though it’s also home to several B2B software giants. So it’s no surprise that the city consistently ranks among the greatest startup ecosystems in the world.
Key Facts About Boston Tech
- Number of Tech Workers: 269,000; 9.4% of overall workforce (2024 CompTIA survey)
- Major Tech Employers: Thermo Fisher Scientific, Toast, Klaviyo, HubSpot, DraftKings
- Key Industries: Artificial intelligence, biotechnology, robotics, software, aerospace
- Funding Landscape: $15.7 billion in venture capital funding in 2024 (Pitchbook)
- Notable Investors: Summit Partners, Volition Capital, Bain Capital Ventures, MassVentures, Highland Capital Partners
- Research Centers and Universities: MIT, Harvard University, Boston College, Tufts University, Boston University, Northeastern University, Smithsonian Astrophysical Observatory, National Bureau of Economic Research, Broad Institute, Lowell Center for Space Science & Technology, National Emerging Infectious Diseases Laboratories
