Security Specialist

Salary: $60K - $85K Location Type: Remote Employment Type: Full-Time

---

About Kojo

It's time to build. Whether it's creating more housing, upgrading our infrastructure, or adapting to climate change, one thing is clear: the construction industry is at the center of solving our biggest problems. We’re making buildings cheaper and easier to build by transforming the way commercial construction companies buy their materials. Join us.

Founded in 2018, Kojo is now one of the fastest-growing construction technology companies in the world. Construction accounts for $10 trillion in global spend annually and we can’t live without its output - our roads, schools, hospitals, and offices. Despite this, there’s been very little innovation over the past 70 years in how materials - which constitute up to 40% of project costs - are bought and sold. This is our opportunity.

---

About the Role

Kojo is looking for a Security Specialist to lead and scale our security and compliance efforts. This IC role sits within the Infrastructure team, not operations, and blends hands-on technical work with audit readiness, policy management, and risk oversight. You’ll be the go-to expert for SOC 2, AWS security, incident response, and access control as we grow.

This is not a checkbox compliance role; you’ll directly influence how security is built, enforced, and maintained across our infrastructure.

---

What You'll Do

• Own and lead our SOC 2 Type I & II readiness, audits, and ongoing compliance.
• Develop and enforce internal security policies and controls.
• Improve and monitor AWS security posture (IAM, GuardDuty, encryption, etc.).
• Manage secrets (Vault, AWS Secrets Manager), access, and vulnerability remediation.
• Triage real-time security alerts and lead incident response efforts.
• Support secure CI/CD practices, infrastructure as code, and engineering reviews.
• Partner with leadership and auditors for security reviews and vendor risk management.

---

What We're Looking For

• 5+ years in security, infrastructure, or DevOps roles.
• Proven ownership of SOC 2 Type II audit cycles at a SaaS company.
• Hands-on AWS security experience; familiarity with Terraform, CI/CD pipelines.
• Experience with tools like Datadog, Snyk, or other SIEM platforms.
• Strong written communication for policies, incident logs, and audit evidence.
• Startup-minded: proactive, self-sufficient, pragmatic, and collaborative.

Nice to Have

• Familiarity with Vanta, Drata, ISO 27001, or similar compliance tools.
• Basic secure coding knowledge or experience with code review support.
• Experience supporting phishing simulations or employee security training.

---

Working at Kojo

Salary

Your salary will be dependent upon many factors, including your experience level, skillset, market dynamics, and balancing internal equity relative to other Kojo employees. The compensation and benefits information that we provide is based on Kojo’s good-faith estimate as of the date of the job posting and may be modified in the future.

Benefits

This position is also eligible for a new hire equity grant, and all US-based full-time employees are eligible for our full suite of perks and benefits. For more information about our perks and benefits, check out https://www.usekojo.com/careers.

Location

Kojo’s team members work from home 100% of the time across North and South America. If applicable, we’ll identify the travel and/or location-specific requirements of a position in the text above. Otherwise, team members can expect to work business hours congruent with their local time zone and remotely.

---

Inclusive Workplace

Kojo values diverse perspectives and is committed to building an inclusive workplace. We are proud to be an equal opportunity workplace and do not discriminate on the basis of sex, race, color, age, sexual orientation, gender identity, religion, national origin, citizenship, marital status, veteran status, or disability status. Pursuant to the San Francisco Fair Chance Ordinance, we consider for employment qualified applicants with arrest and conviction records. We strongly encourage applications from all qualified individuals.