Security Engineering Lead
Kisi Security
Stockholm, Sweden
About Kisi
We are Kisi, a physical security tech company revolutionizing how businesses access and secure their spaces.
Founded in 2012, with headquarters in Brooklyn, an office in Stockholm, and a global team, we create innovative, award-winning hardware and compliance-certified software that enable seamless, cloud-based access to offices, facilities, and buildings. Our mission is to ensure ease of access and remote space management, fostering a future where spaces are securely connected and accessible without boundaries.
At Kisi, you’ll join a creative and innovative team with a flat hierarchy, work closely with our co-founders, and enjoy the freedom to work your way with a strong sense of ownership.
If you’re passionate about cutting-edge technology and want to be part of a dynamic team that’s making the world more secure and accessible, we want to hear from you!
Role Summary
The Security Engineering Lead owns Kisi’s overall security engineering and hardening program.
This role is broader than a Security Operations Engineer and more technical than a pure CISO or GRC lead. The person should be able to drive both strategy and execution across Google Workspace, Rippling, GitHub, GCP, production data access, SaaS tools, incident response, and R&D security.
They should be independent from R&D but credible with R&D. They should define security requirements, require remediation, escalate unresolved risk, and work with the CTO/COO on tradeoffs.
Responsibilities
The role owns the security roadmap, risk register, control catalog, exception process, security metrics, and executive reporting.
They define the company’s practical security operating model: what requires approval, what needs logging, what access should be temporary, what exceptions are acceptable, and where executive risk acceptance is needed.
They also drive hardening across corporate systems and cloud infrastructure, oversee phishing resilience and incident readiness, and make sure access to production data, payroll data, customer data, and critical infrastructure is governed.
On the product side, they lead or coordinate reviews for areas such as authorization, tenant isolation, support tooling, audit logs, device-to-cloud flows, OTA, firmware signing, and credential lifecycle.
External agencies may support GCP hardening, product security, embedded security, phishing simulations, or incident response readiness, but this role keeps ownership internal.
Requirements
- Broad experience in security engineering, security operations, cloud security, product security, or security leadership
- Hands-on technical ability; not a policy-only profile
- Strong understanding of IAM, MFA, SSO, SaaS security, cloud posture, CI/CD, logs, secrets, and incident response
- Ability to work across engineering, IT, HR, finance, support, legal, and executive leadership
- Strong judgment around risk prioritization, exceptions, and operational tradeoffs
- Ability to explain risk clearly to executives and turn it into concrete requirements for technical teams
Preferred Experience
- SaaS, IoT, embedded systems, access control, identity, or physical security
- GCP and Google Security Command Center (or similar, e.g. AWS)
- Product security involving APIs, authorization, tenant isolation, admin tools, or customer data
- GitHub, Terraform, Checkov, Cloudflare Zero Trust, or similar tooling (e.g. for dependency scanning)
- SOC 2, ISO 27001, and other enterprise customer security expectations (e.g. HIPAA)
Your process with us
Application > CV screening > Intro call (let’s get to know each other!) > Recruitment task > Technical Interview > Culture Interview > Offer.
After successful interviews and once the job offer is signed, we will conduct a background check.
