ABOUT THIS ROLE

As an Application Security Engineer at LVT, you will be a cornerstone of our commitment to building secure-by-design technology. You will partner deeply with our Engineering and Product teams to weave advanced security protocols into every layer of our Software Development Lifecycle (SDLC). This isn’t just about finding bugs; it’s about architecting a proactive security culture and scaling our defenses alongside our rapid growth. You will serve as a technical expert, mentor, and advocate, ensuring our AI-driven platform remains as resilient as it is innovative.

This role is based in-office out of our Headquarters in American Fork, Utah.

ROLE RESPONSIBILITIES

• Strategic Integration: Partner with Product and Engineering to embed reproducible, high-standard security practices directly into the SDLC.
• Defense Engineering: Develop and maintain sophisticated manual and automated security processes to identify, evaluate, and mitigate risks across our software ecosystem.
• Offensive Security: Lead proactive security initiatives including threat modeling, deep-dive code reviews, and offensive security exercises/penetration testing.
• Vulnerability Management: Architect and manage the deployment of vulnerability scanning tools, driving the remediation process to ensure rapid resolution of identified issues.
• Policy Stewardship: Assist in the development and continuous improvement of secure development policies and procedural documentation.
• Technical Translation: Communicate complex vulnerability details and risk assessments to both technical and non-technical stakeholders, ensuring organizational alignment.
• Security Culture: Mentor junior team members and foster a strong, transparent security culture across the company.
• Impact Measurement: Success in this role is measured by the reduction of critical vulnerabilities in production, the speed of remediation cycles, and the successful adoption of security tools by the broader engineering team.

OUR IDEAL CANDIDATE

• Proven Experience: At least 2+ years of professional experience in an Information Security role with a focus on modern application environments.
• Cloud Proficiency: 2+ years of hands-on security experience with AWS and other cloud service platforms.
• Modern Stack Familiarity: Comfortable navigating common web languages and frameworks such as HTML, PHP, Node.js, React.js, Nest.js, and Next.js.
• Pipeline Expertise: A solid understanding of CI/CD tools including GitHub, Docker, Jfrog, CircleCI, and ArgoCD.
• Technical Depth: A comprehensive understanding of common application vulnerabilities (OWASP Top 10) and the tools used to combat them (SAST, DAST, SCA).
• IT Foundations: Strong grasp of IT fundamentals, including operating systems, networking protocols, and the OSI model.
• Compliance Awareness: Familiarity with security frameworks such as CIS, NIST, or ISO/IEC 27001.
• Exceptional Communicator: Ability to articulate risk with clarity and professional poise, maintaining high levels of personal integrity.
• Preferred Credentials: A degree in IT/Security or industry certifications such as Security+, OSCP, GPEN, or ITCA are highly valued.
• Regulatory Experience: Prior experience working within compliance frameworks like SOC2 or FedRAMP is a plus.

BENEFITS

We believe you do your best work when your whole life is supported. We invest in our crew’s health, families, and financial futures with a benefits package designed to support you inside and outside the office.

LVT IS PROUD TO BE AN EQUAL OPPORTUNITY EMPLOYER. 

All applicants will be considered for employment without attention to race, color, religion, sex, sexual orientation, gender identity, national origin, veteran or disability status. All candidates must pass a drug screening and background check upon employment. Some roles may also require passing a federal background check and fingerprinting. Must be authorized to work in the U.S. If reasonable accommodation is needed to participate in the job application or interview process, and/or to perform essential job functions, please reach out to your recruiter.

ABOUT THIS ROLE
The Senior Cloud Security Engineer will join the security engineering team, and will be responsible for designing, implementing, and maintaining robust security measures that protect company cloud environments, applications, and data. The role requires deep technical expertise in modern cloud platforms and a strategic mindset for evolving security challenges.

ROLE RESPONSIBILITIES

• Design, implement, and maintain security controls, processes, and architectures across major cloud environments. 

• Conduct risk assessments, penetration tests, vulnerability management, and system hardening for cloud services and workloads.

• Collaborate closely with engineering, DevOps, compliance, and business stakeholders to enable secure solution delivery and effective risk management.

• Build and maintain Infrastructure as Code (IaC) security practices (Terraform, CloudFormation) and work within CI/CD pipelines to embed security in the software development lifecycle.

• Partner with the GRC team to ensure compliance automation tooling is implemented effectively across required scope.

• Serve as subject matter expert on cloud security technologies, best practices, and emerging threats while providing mentorship to other engineers.

• Lead incident investigations, performing root cause analysis and driving remediation actions.

• Participate in  weekly on-call rotation with the security engineering team.

• Operate and mature our CSPM/CNAPP program, driving posture management, misconfiguration remediation, and continuous control monitoring.

OUR IDEAL CANDIDATE 

• 5+ years of experience securing public cloud environments (AWS, Azure, or GCP), including architecture design and security operations.

• In-depth expertise with cloud security tools and practices: SIEM, IDS/IPS, WAF, identity/access management, encryption, vulnerability management.

• Proficiency with programming and scripting languages (such as Python, Bash, or similar) and automation frameworks.

• Experience in Infrastructure-as-Code (such as Terraform, CloudFormation, Ansible) and DevSecOps practices.

• Experience in CSPM/CNAPP and CWPP tooling and workflows.

• Knowledge of network and application security: firewall management, network segmentation, secure API design.

• Excellent communication, documentation, teamwork, and analytical problem-solving skills. We’re looking for a hands on keyboard, self-starter who understands risk and prioritizes the most impactful work.

• Experience with SOC 2 Type 2 and FedRAMP a plus

COMPENSATION

The beginning annual salary range for this role is $190,000.00 - $250,000.00 USD and is determined by location, job-related experience, and education/training. Your total earning potential is amplified by a bonus structure tied to meeting goals, and you will become an owner from day one through our employee equity program.

BENEFITS

We believe you do your best work when your whole life is supported. We invest in our crew’s health, families, and financial futures with a benefits package designed to support you inside and outside the office.

LVT IS PROUD TO BE AN EQUAL OPPORTUNITY EMPLOYER.

All applicants will be considered for employment without attention to race, color, religion, sex, sexual orientation, gender identity, national origin, veteran or disability status. All candidates must pass a drug screening and background check upon employment. Some roles may also require passing a federal background check and fingerprinting. Must be authorized to work in the U.S. If reasonable accommodation is needed to participate in the job application or interview process, and/or to perform essential job functions, please reach out to your recruiter.

#LI-REMOTE

ABOUT THIS ROLE 

LVT is actively seeking a highly motivated and detail-oriented Information Security Analyst (GRC) to join our growing Information Security team. This role will report directly to the Information Security Manager (GRC). This position is designed for an individual eager to delve deeply into the operational aspects of Governance, Risk, and Compliance, directly supporting LVT’s steadfast commitment to security excellence and regulatory adherence as the business continues its innovative scaling.

LVT values managing risk in alignment with our customer’s and stakeholder’s expected levels. We design, implement, and monitor controls that reduce real risk. The Information Security Analyst (GRC) will work with Management to operate key GRC processes. The primary focus of this hands-on position will be answering customer security questionnaires, performing risk assessments and internal audits, developing and maintaining policies, being a liaison for our external auditors, and helping to identify, manage, and reduce risk across our environment.

ROLE RESPONSIBILITIES

• Support LVT’s annual SOC 2 audit.
• Facilitate effective communication and coordination with internal SOC 2 control owners. 
• Proactively assist in identifying, analyzing, and resolving audit concerns or control deficiencies, proposing initial remediation steps. 
• Document audit outcomes, lessons learned, and recommended improvements post-audit. 
• Execute control testing, including evidence collection and documentation.
• Develop  LVT’s security policies, submitting them for approval, and ensuring alignment with organizational standards.
• Maintain and update the risk register to ensure accurate and timely recording of identified risks and their mitigation status.
• Maintain GRC documentation to ensure accuracy, accessibility, compliance with internal controls
• Execute quarterly  user access reviews.

OUR IDEAL CANDIDATE

• 1-3 years of experience with Information Security, GRC or IT Audit roles.
• Highly organized and can multitask and juggle multiple priorities.
• Familiarity with leveraging and applying AI tools and technologies to automate routine GRC tasks and improve program efficiency.
• Practical experience with SOC 2 audit processes including proficiency in control testing, evidence collection, and internal coordination.
• Familiarity with information security and risk frameworks.
• A foundational understanding of business operations and how security controls impact business functions. 
• Effective verbal and written communicator.
• Desire to work directly with key stakeholders, including customers.
• Hunger to learn and grow their abilities.
• Consistently demonstrates high integrity and transparency.
• Willing to take on tasks with a positive attitude, but also speaks up on concerns.
• A Bachelor's degree in Information Security, Computer Science, Information Technology, Business, or a related field, or equivalent practical experience, is preferred. 
• Experience working with GRC platforms (e.g., Drata, Vanta, ZenGRC) and project management tools (e.g., Jira, Asana) is helpful.
• Relevant professional certifications such as CompTIA Security+, CISA, CC, or CRISC are a plus

ABOUT THIS ROLE 

LVT is actively seeking a highly motivated and detail-oriented Information Security Manager (GRC) to join our growing Information Security team. This role will report directly to the Information Security Director (GRC). This position is designed for an individual eager to delve deeply into the operational aspects of Governance, Risk, and Compliance, directly supporting LVT’s steadfast commitment to security excellence and regulatory adherence as the business continues its innovative scaling.

LVT values managing risk in alignment with our customer’s and stakeholder’s expected levels. We design, implement,  and monitor controls that reduce real risk. The  Information Security Manager (GRC) will play an instrumental role in driving key operational GRC initiatives. The primary focus of this hands-on position will be the end-to-end management of LVT’s SOC 2 audit processes, initiating third-party risk assessments, actively contributing to the policy review and approval lifecycle, and documenting and treating risks in our risk register. 

Fostering collaborative relationships and good communication is critical as you will work closely with cross-functional teams across the organization to integrate GRC standards and principles into LVT’s operations. This role demands exceptional organizational skills, both strategic vision and tactical efforts, and the ability to build and mentor a team of security professionals to meet both current and future GRC challenges.

ROLE RESPONSIBILITIES

• Manage LVT’s annual SOC 2 audit and other audits as necessary.  
• Collaborate with IT, Finance, and Legal to represent Information Security in various cross-functional processes including vendor risk, contractual terms , and customer security questions.
• Identify inefficiencies in different GRC processes and improve them.
• Design and manage regular internal audits of security controls.
• Implement automated control monitoring and evidence collection.
• Create, review, and maintain LVT’s security policies.  
• Maintain LVT’s risk register to ensure accurate and timely recording of identified risks and their mitigation statuses.  
• Build strong relationships with risk owners to drive program buy-in, accountability, and ownership.
• Work with SalesOps to develop an approach to customer security questionnaires.
• Mature our public-facing Security Trust Center to enhance transparency, showcase LVT’s commitment to security, and streamline the sales process.
• Identify and operationalize ways to automate tools and processes to improve LVT’s compliance program efficiency and collaboration across multiple teams.
• Establish and maintain measurable GRC program metrics to quantify effectiveness, highlight progress, and drive continuous improvement.

OUR IDEAL CANDIDATE

• 5+ years of experience with Information Security, GRC or IT Audit roles, demonstrating a growing understanding of GRC concepts and methodologies. 
• Experience managing a GRC function and staff.
• Effective writing skills for tasks such as policy review and approval, developing risk treatment plans, and creating audit documentation and responses for external auditors.
• Strong organizational skills and attention to detail for managing documentation, audit evidence, and maintaining accurate GRC records.
• Proven track record of developing and implementing policies and procedures, assessing and prioritizing risks, and maturing security compliance programs.
• Substantial experience with regulatory frameworks and standards, such as NIST, SOC 2, ISO 27001, and FedRAMP.
• Experience communicating detailed security concepts, risks, and controls to both technical and non-technical stakeholders.
• Outstanding interpersonal and leadership skills that inspire collaboration and drive alignment across teams.
• Demonstrates an ability to lead effectively in dynamic, fast-paced environments, balancing strategic vision with tactical execution to respond to evolving security needs.
• Experience working with GRC platforms (e.g., Drata, Vanta, ZenGRC) and project management tools (e.g., Jira, Asana) is a plus.
• A Bachelor's degree in Information Security, Computer Science, Information Technology, Business, or a related field, or equivalent practical experience, is preferred. 
• Relevant professional certifications such as CISSP, CompTIA Security+, CISA, or CRISC are highly desirable.

ABOUT THIS ROLE

Reporting to the Chief Legal Officer, you will be a foundational member of a legal team that prioritizes speed and precision. While you will handle the essential blocking and tackling of a legal department—including contracts, corporate maintenance, and compliance—your real “product” is efficiency. We aren’t looking for a traditionalist; we need a technophile with a growth mindset who looks at manual processes and finds a smarter way forward.

This role is based fully onsite at our Headquarters in American Fork, Utah.

ROLE RESPONSIBILITIES

• Drive the Legal Tech Stack: Partner with Legal Ops to implement and manage our CLM (Contract Lifecycle Management), e-signature tools, and AI-driven legal assistants.
• Scale the Contract Engine: Support the drafting and initial review of NDAs, vendor agreements, and sales contracts using templates and playbooks you will help refine.
• Corporate Housekeeping: Manage state filings, insurance claims, business licenses, and corporate records with a focus on digital organization and automated alerts.
• AI & Innovation: Assist the CLO in the ethical application of AI within legal workflows, acting as an early adopter for tools that help the team move at the speed of business.
• Project Management: Act as the glue for cross-functional projects between Legal, Finance, Customer Support, and Sales to ensure seamless execution during rapid expansion.
• Process Optimization: Continuously audit existing legal workflows to identify bottlenecks and implement automated solutions.
• Compliance Oversight: Maintain an accurate database of corporate compliance requirements and ensure all filings are completed ahead of deadlines.

OUR IDEAL CANDIDATE

• Growth Mindset: You view “I don’t know how to do that” as the beginning of a sentence, not the end, and stay ahead of evolving legal industry trends.
• Tech-First Approach: You are comfortable—and excited—by new software and have a natural aptitude for utilizing AI to streamline professional tasks.
• Efficiency Obsessed: You have a proactive habit of automating mundane tasks to focus on high-impact, meaningful work.
• Low Ego, High Impact: You are willing to “grab an oar” and row, taking full ownership whether you are managing high-level compliance or organizing digital folders.
• Experienced Professional: You bring 2+ years of experience in a legal environment (law firm or in-house) with a proven track record of handling high volumes of work.
• Academic Foundation: You hold a Bachelor’s degree or a Paralegal Certificate (equivalent experience in a fast-paced tech environment will also be considered).
• Exceptional Communicator: You possess elite written communication skills and a customer-service approach toward internal stakeholders in Sales, HR, and Product.
• Mission Aligned: You naturally align with LVT’s core values: you Own It, you Do Right, and you always Pursue Excellence.