Security / Infrastructure Engineer

Security / Infrastructure Engineer (Contract, Part-Time)

Location: Remote (Americas preferred for overlap)
Engagement: Contract (~100 hours to start, then part-time ongoing)
Compensation: Up to $65/hour (hourly + margin model)

About our Client

Our client is an early-stage legal-tech startup building innovative solutions for law firms and enterprises in the EU, UK, and US. As we prepare for upcoming demos and client trials, we’re looking for a seasoned Security & Infrastructure Engineer to harden our product’s security posture and set the foundation for future compliance (SOC2/ISO).

This is a hands-on role for someone who thrives in early-stage environments, can quickly assess risk, and implement practical, high-impact fixes.

What You’ll Do

First 100 hours (initial contract):

• Perform a security gap assessment of our MVP and infrastructure.

• Deliver a prioritized remediation plan with practical fixes.

• Implement top-priority improvements, including:

  • Secure secrets management and IAM hygiene

  • Encryption at rest/in transit (TLS, key management)

  • Centralized logging & monitoring setup (basic SIEM, alerts)

  • Backup and recovery improvements

• Draft a minimal security runbook and onboarding docs for internal use.

Ongoing (part-time, post-100 hours):

• Harden infrastructure and app security against evolving risks.

• Integrate security checks into CI/CD pipelines (SAST/DAST, dependency scanning).

• Support alignment with SOC2 / ISO compliance requirements.

• Partner with the founder to define policies, workflows, and scalable infra strategy.

What We’re Looking For

Must-Haves:

• 5+ years of hands-on experience in security and infrastructure engineering.

• Expertise in cloud security (AWS, GCP, or Azure) — IAM, networking, VPC, container security.

• Strong knowledge of authentication, authorization, secrets management, encryption.

• Familiarity with centralized logging & monitoring tools (CloudWatch, ELK, Datadog, etc.).

• Experience implementing CI/CD security tooling (Snyk, OWASP ZAP, dependency scanning).

• Ability to work independently with a founder, helping define scope and priorities.

• Excellent communication in English; pragmatic, startup-ready mindset.

Nice-to-Haves:

• Experience in legal-tech, fintech, or other compliance-driven industries.

• Knowledge of SOC2 / ISO 27001 frameworks.

• Familiarity with infra-as-code (Terraform, CloudFormation) and DevSecOps practices.

Why Join Us

• Impact fast: You’ll make a direct difference in securing a product ahead of critical law firm demos.

• Flexibility: Remote, part-time engagement to start (~100 hours), with the potential for ongoing advisory or even full-time.

• Future-facing: Help shape a security and compliance foundation that scales with our legal-tech product.

How to Apply
If you’re a hands-on Security / Infrastructure Engineer looking for a high-impact contract role with flexibility, we’d love to connect. Please share your CV and a short note about your most relevant security/infra achievements.