About us
Advocate Technologies is an insurance technology company providing modern insurance operations for lenders. Advocate was built by a world-class team across the United States and Europe.

We transform lenders’ insurance functions across compliance, monetization, and analytics with better software and services developed by our world-class engineering and product development teams.

Our software solution empowers Advocate’s review team to efficiently assess and verify borrower insurance compliance for real estate and business loans (pre-closing) ranging from $100K to $100M. Over the past 12 months, we have grown fourfold to become an industry leader, reaching millions of dollars in revenue.

👉 To learn more about Advocate, visit www.tryadvocate.com.

About the role

We're hiring a Security Engineer to help scale platform security, compliance, and enterprise trust across our core systems.

This role owns day-to-day security operations — including monitoring, vulnerability management, and penetration testing — while ensuring compliance readiness and fast, scalable enterprise due diligence. You'll work closely with engineering, product, QA, and sales to ensure security is embedded into how we build, operate, and sell the platform.

This role focuses on four things:

• Platform & infrastructure security operations

• Continuous compliance (SOC 2 Type II, ISO)

• Fast, scalable customer and sales due diligence

• Secure and responsible AI usage

What you'll be doing

Platform & Infrastructure Security

• Own security monitoring across servers, cloud infrastructure, and production systems

• Investigate alerts, detect suspicious activity, and lead security incident response

• Run vulnerability scanning, triage findings, and drive remediation with engineering

• Coordinate penetration tests and third-party security assessments

• Track, prioritize, and close findings from pen tests, audits, and security reviews

• Improve logging, alerting, and detection capabilities over time

Compliance Operations

• Run day-to-day SOC 2 Type II and ISO compliance programs

• Ensure controls are operating, evidenced, and continuously maintained

• Translate operational security activities into audit-ready evidence

• Reduce audit friction through better tooling, workflows, and automation

Sales & Customer Due Diligence (Including AI Agent Ownership)

• Own security and compliance documentation used in enterprise sales

• Respond to customer security questionnaires, audits, and trust reviews

• Partner with Sales to unblock deals impacted by security concerns

• Own the roadmap and outcomes for an internal AI agent used to support due diligence by:

– Defining requirements, guardrails, and success metrics

– Ensuring accurate, consistent, and secure responses

– Partnering with engineering or vendors on implementation

– Maintaining auditability and control over outputs

• Continuously improve the efficiency and reliability of due diligence workflows

Security Enablement & Engineering Partnership

• Partner with engineering early to identify and mitigate security risks

• Review architecture and platform changes for security impact

• Support secure development practices and internal security testing

• Help security scale alongside platform growth

AI Security & Safe Usage

• Define and enforce guardrails for AI usage across the platform

• Prevent data leakage, misuse, and prompt-related risks

• Ensure AI-powered features and internal AI systems are auditable, observable, and enterprise-ready

• Partner with product and engineering to evolve responsible AI practices

What success looks like

• Security incidents are detected early and handled effectively

• Vulnerabilities and pen test findings are prioritized and resolved

• SOC 2 and ISO audits are predictable and low-stress

• Sales due diligence is fast, consistent, and scalable

• Security reviews rarely block product releases or enterprise deals

• AI systems operate with clear controls and enterprise trust

What we're looking for

• 4+ years of experience in security engineering, platform security, or infrastructure security

• Hands-on experience with cloud security, monitoring, and production systems

• Experience running vulnerability management and penetration testing programs

• Experience supporting SOC 2 Type II and/or ISO compliance

• Strong understanding of authentication, authorization, and data protection

• Comfortable working cross-functionally with engineering, product, and sales

Nice to have

• Enterprise SaaS / B2B security experience

• Familiarity with SIEM, alerting, or security monitoring tools

• Automation of security or compliance workflows

• Experience owning internal tools or cross-functional security initiatives