Cloud Security & Compliance Engineer

Job Description

Job Description

Mine Vision Systems is a mining technology company building the decision-making platform for underground mining. We introduce high-fidelity data into the mining workflow that has simply never existed before, enabling operators to move from assumptions to evidence-based decisions. Our digital infrastructure is designed to map, monitor, and manage the underground mining environment with confidence, creating a persistent, data-rich foundation for operational and strategic decision-making. Since the launch of our flagship product, FaceCapture, in late 2023, adoption has accelerated rapidly as customers realize the value of truly understanding their underground operations.

 

We focus on underground mining of critical minerals and precious metals, where small improvements in accuracy and insight drive outsized returns. Our technology delivers millions of dollars in annual value by minimizing overbreak, improving ore calls, enhancing resource models, and enabling a growing set of high-impact applications across the mine lifecycle. By transforming raw underground data into actionable intelligence, Mine Vision Systems empowers mining teams to operate more efficiently, more predictably, and with greater confidence than ever before.

Role Summary 

We are looking for a senior Cloud Security & Compliance Engineer to own MVS’s AWS controls and the compliance program that underwrites our cloud product. You will be the long-term owner of two intertwined workstreams: the AWS infrastructure that runs our cloud platform (Organizations, IAM Identity Center, KMS, networking, S3 hardening, backups) and the compliance posture our customers expect, SOC 2 Type 2 and ISO 27001, with growing scrutiny on data sovereignty as we expand internationally. Until you land, this work is being done, best effort, by the engineering team; your arrival is what lets it become a real, audit-ready program. This role is platform-heavy, security-first, and partner-oriented; it prioritizes hands-on AWS depth, real audit and controls experience, and the judgment to know when to invest in foundation versus when to ship. The right person treats security as something that makes the product easier to sell, not harder to build, and is the calm voice in incident response, not the loud one.

Key Responsibilities

• AWS infrastructure ownership: Own MVS’s AWS account structure, IAM Identity Center, KMS (per-tenant encryption), networking, S3 hardening, backups in a separate account, and the AWS Organizations / SCP baseline; partner with the engineering team through the cloud MVP and own it long-term.
• SOC 2 Type 2 program: Run MVS through its first SOC 2 Type 2 readiness assessment, control design, evidence collection, observation period, auditor engagement, and report delivery. Make the controls real, not theater.
• ISO 27001 + adjacent frameworks: Plan and execute ISO 27001 (and 27017 / 27018) after SOC 2 lands; layer in GDPR-style privacy controls as international customers require them.
• Identity and access: Run IAM Identity Center as the front door to AWS; no long-lived keys, JIT admin elevation, hardware MFA for privileged users, quarterly access reviews.
• Detection and response: Centralize CloudTrail, GuardDuty, Security Hub, AWS Config; tune alerts so they mean something; own the incident-response playbook and exercise it.
• Data protection and tenant isolation: Lock down early choices, per-tenant KMS keys, S3 Object Lock for scan data, signed RTO/RPO targets, and own the multi-tenant isolation pattern through audit. Plan BYOK (customer-managed KMS) for the enterprise mining customers who will eventually ask.
• Compliance partnership across the company: Work with Finance, Sales, and Customer Success on customer-facing security artifacts, trust page, DPA, sub-processor list, breach-notification SLAs, and customer security reviews.
• Pipeline security (partner with Platform Engineering): Define the security controls embedded in the CI/CD pipeline, secret scanning, dependency scanning, SBOM, license compliance, signed artifacts, and audit that the evidence holds up under SOC 2 / ISO scrutiny. The Platform Engineers implement; you set the spec and review.
• Vendor and risk management: Own AWS Support tier engagement, third-party risk reviews, annual pentest cycles, and budget for compliance tooling and external auditors. 

 

Qualifications

• 5+ years of hands-on AWS infrastructure experience — not just talk and diagrams; you have actually run AWS Organizations, IAM Identity Center, KMS, CloudTrail, GuardDuty, S3 hardening, and IaC (Terraform or equivalent) in production.
• Direct experience taking a company through SOC 2 Type 2 or ISO 27001 — readiness, evidence, the auditor cycle, and ideally one or more clean reports already under your belt.
• Strong understanding of multi-tenant isolation patterns and the trade-offs (DB-per-tenant / schema-per-tenant / row-level), and the audit implications of each.
• Working knowledge of GDPR / international privacy frameworks and what cross-border transfer actually requires in practice.
• Comfortable scripting (Python or Bash) and reading code in the languages our team writes (Python, C++) so you can audit what’s deployed, not just what’s documented.
• Strong written communication for both engineers (control specs, runbooks) and external auditors/customer security reviewers, and the judgment to tailor each.
• Bias toward controls engineers can live with, paved road, not roadblock.

Desirable

• Hands-on with AWS Outposts, sovereign-cloud patterns, or regulated-data sovereignty work (Indigenous data, financial reporting integrity, sector-specific controls).
• Background in a regulated industry (mining, financial services, healthcare, defense) where compliance is a customer requirement, not a checkbox.
• Kubernetes security experience, cluster hardening, RBAC, network policies, and container image scanning. Certified Kubernetes Security Specialist (CKS) a plus.
• AWS Certified Security – Specialty (or equivalent demonstrated AWS security depth).
• Familiarity with SBOM, signed-artifact pipelines, and modern supply-chain security.
• Working understanding of AI-assisted development workflows; able to use AI tooling productively in your own day-to-day.

What Success Looks Like

• SOC 2 Type 2 lands without drama. The first report ships on schedule; the second comes routinely.
• AWS posture is real, not aspirational. Tenant isolation decided and enforced; KMS per-tenant in place; CloudTrail and detection actually monitored; root accounts protected.
• Engineers feel safer, not slower. Controls are the paved road; the team reaches for the secure way because it’s the easy way.
• Deals are never blocked on security. A customer’s security review is a 30-minute conversation, not a six-week fire drill.
• You’re the calm voice in incident response. When something happens, you’re already a step ahead, playbooks run, evidence preserved, blast radius known, communication ready.

Benefits

• We are a fast paced and growing company with real robotic hardware in the field around the world, generating actual revenue
• Competitive compensation and full benefits: medical, dental, vision, disability, life insurance, 401(k) with match
• Uncounted PTO policy and flexible hybrid work model
• Small, fast-moving team with hands-on work and immediate impact

Powered by JazzHR

M7lU9J672V