About this Information Security Operations Specialist role at Altaml
About the Role:
As our next Information Security Operations Specialist, you own the daily operational information security activities at AltaML, moving beyond basic checklist execution to deliver measurable security resilience. You will safeguard our corporate and production infrastructure, optimize automated defense networks, and proactively counter sophisticated software supply chain and AI-specific threats.
Required Results
-
SOC2 Continuity & Program Expansion
Maintain the existing SOC2 program with 100% continuous compliance across all controls. Partnering closely with the IT team for execution and infrastructure support, you will successfully plan and implement foundational controls required for future security programs (e.g., ISO27001) as the enterprise scales.
KPI: Zero major non-conformances during external audits; 100% of compliance evidence is accurate and collected on time. -
AI-Powered Red Teaming
Plan, configure, and operate our automated AI-powered red team program to independently uncover vulnerabilities before they can be exploited.
KPI: Successfully execute scheduled automated adversarial simulations, delivering clear technical risk documentation and measurable remediation roadmaps. -
Intelligent Threat Monitoring (SIEM)
Manage, calibrate, and continuously improve our AI-supported SIEM platform to optimize visibility and protection across environments.
KPI: Minimize Mean Time to Detect (MTTD) and Mean Time to Respond (MTTR) while reducing false-positive alerts by 20% annually through rule tuning. -
Supply Chain & Vulnerability Resilience
Proactively monitor, triage, and mitigate CVEs, third-party software vulnerabilities, and potential software supply chain attacks.
KPI: 100% of critical zero-day vulnerabilities are assessed and mapped to definitive threat response plans within established SLA windows. -
Cross-Functional Engineering Security Coordination
Coordinate security activities and facilitate the seamless integration of detective and protective controls directly within the engineering lifecycle and IT architecture solutions.
KPI: 90% of development pipeline security review findings are collaboratively triaged and resolved without delaying production deployment. -
Agentic AI Secure Enablement
Establish and execute a comprehensive security evaluation and governance framework for third-party, off-the-shelf Agentic AI platforms (e.g., Claude Desktop) connecting to AltaML’s systems.
KPI: 100% of target enterprise AI tools are evaluated against strict data privacy boundaries, session guardrails, and identity controls before access is authorized.
What You'll Do:
Threat Monitoring & Incident Operations (25%)
Manage and improve the AI-supported SIEM, network monitoring tools, and alerting infrastructure.
Respond to operational security incidents, investigate anomalies, and execute vulnerability analysis.
Compliance, Audits & IT Team Collaboration (20%)
Conduct internal security reviews against compliance baselines (SOC2, ISO27001).
Collaborate with the IT administration team to execute controls and ensure system accounts sync correctly across in-scope applications.
Adversarial Simulation & AI Red Teaming (20%)
Operate and tune automated AI-powered red teaming platforms.
Deploy ethical hacking techniques to safely test internal systems, cloud infrastructure, and network boundaries.
Secure Engineering & Architecture Integration (15%)
Work closely with development and architecture teams to design secure infrastructure solutions.
Embed security guardrails into code workflows to catch software supply chain threats early.
Emerging AI Technology Governance (10%)
Evaluate risks associated with new third-party AI agents and desktop integrations.
Define identity controls, data boundaries, and safe configurations for user tool adoption.
Reporting, Policies & Documentation (10%)
Create and maintain controls, policies, SOPs, and technical security guidelines.
Provide senior leadership with clear metrics and reporting on security incidents and posture maturity.
What You Bring:
Experience: 3–5 years of dedicated professional experience in an Information Security operations or engineering capacity (ideally in a fast-paced SaaS, cloud-native, or startup environment).
Compliance Literacy: Practical familiarity with maintaining or supporting a formal security certification program (such as SOC2 or ISO27001).
Technical Domain Knowledge: Good understanding of cloud computing security concepts, modern SIEM setups, firewalls, data encryption, and identity directories.
OS Agility: Hands-on comfort securing and navigating diverse operating systems, specifically MacOS, Linux, and Windows infrastructure.
Education: A related technical degree or diploma in a matching field (e.g., Computer Science, Cybersecurity, Systems & Network Administration) or equivalent deep practical experience.