Senior Product Security Engineer

About Command|Link


Command|Link is a global SaaS platform providing network, voice services, and IT security solutions, helping corporations consolidate their core infrastructure into a single vendor and layering on a proprietary single-pane-of-glass platform. Command|Link has revolutionized the IT industry by tackling the problems our competitors create. In recognition of our unprecedented innovation and dedication, Command|Link was named the SD-WAN Product of the Year, ITSM Visionary Spotlight, UCaaS Product of the Year, NaaS Product of the Year, Supplier of the Year, and the AT&T Strategic Growth Partner. Command|Link has built the only IT platform for scale that solves ISP vendor sprawl and IT headaches. We make it easy for our customers to get more done, maximize uptime, and improve the bottom line.




This is a remote position open to candidates residing in the following states: Alabama, Arizona, Arkansas, Florida, Georgia, Indiana, Kansas, Kentucky, Louisiana, Maryland, Michigan, Mississippi, Missouri, Nevada, New Hampshire, North Carolina, Ohio, Oklahoma, South Carolina, Tennessee, Texas, Utah, Virginia, Wisconsin.


About your new role:

We are not looking for a security checkbox-filler. We are looking for a senior security engineer who is ready to take deep ownership of our product security posture by elevating our practices, formalizing programs, and driving measurable outcomes across a fast-moving engineering organization.


You will operate at the intersection of engineering and security, partnering directly with engineering leaders and product teams to embed security into every layer of our SDLC. You'll own our vulnerability management posture, drive secrets hygiene and credential lifecycle practices across the organization, and drive our threat modeling framework deeper into how we design and ship software. Your work will protect the infrastructure of thousands of enterprise customers who depend on Command|Link every day.


This role requires someone who can lead without authority, establish credibility with engineering teams, drive measurable outcomes, and build the institutional muscle that scales as the company grows.


Key Responsibilities:

Vulnerability Management Program:

  • Own and advance Command|Link's vulnerability management program end-to-end, from tooling and deployment through SLA definition and enforcement.
  • Define and drive quarterly vulnerability targets, including the goal of zero critical vulnerabilities outstanding across all engineering teams each quarter.
  • Partner with engineering leads to integrate vulnerability scanning into CI/CD pipelines and create visibility dashboards that hold teams accountable.
  • Triage, prioritize, and track remediation of findings across our cloud infrastructure, application layer, and third-party dependencies.

 

Secrets Hygiene & Credential Lifecycle:

  • Own and drive our company-wide secrets management program, maintaining and enforcing clear standards for how credentials are created, stored, rotated, and retired.
  • Partner with engineering teams to meet regular credential rotation targets and enforce consistent hygiene practices across the organization.
  • Champion the adoption of dynamic secrets management and modern identity-based access patterns as the default over long-lived static credentials.
  • Implement controls and processes to maintain ongoing visibility into credential health and reduce the risk surface associated with credential mismanagement.

 

Threat Modeling Program:

  • Lead and deepen our threat modeling framework, ensuring security evaluation is woven into the SDLC well before features reach production.
  • Develop threat modeling templates, playbooks, and training materials that enable engineering teams to self-serve on security reviews for new features and services.
  • Conduct threat models for high-risk features, new service designs, and major architecture changes, producing actionable remediation guidance.
  • Ensure security requirements derived from threat models are tracked as first-class engineering deliverables.

 

Security Champion & Culture:

  • Act as the internal security advocate, growing our Security Champions program and deepening security ownership across each engineering team.
  • Deliver security awareness training, conduct secure code review workshops, and build the documentation and runbooks that scale your impact beyond your direct work.
  • Partner with Product and Engineering leadership to ensure security is a named requirement in product roadmap planning.

 

Compliance & Risk:

  • Support and advance our SOC 2 and other compliance postures by ensuring technical controls are implemented, documented, and auditable.
  • Identify, assess, and communicate security risk in business terms, helping leadership make informed trade-off decisions.


Takes on additional responsibilities and projects as needed to support the success of the team and organization.


What you'll need for success:

Experience:

  • 8+ years of experience in security engineering, application security, or product security roles, with at least 3 years in a senior or lead capacity.
  • Demonstrated experience building or maturing security programs in high-growth SaaS environments, with a track record of driving measurable improvements.

 

Vulnerability Management:

  • Hands-on experience with SAST, DAST, SCA, and container scanning tools (e.g., Snyk, Semgrep, Trivy, Wiz, Qualys, or equivalents).
  • Proven ability to integrate scanning tooling into CI/CD pipelines (GitHub Actions, GitLab CI, or similar) and drive cross-team remediation at scale.

 

Secrets & Credential Security:

  • Deep familiarity with secrets management solutions such as HashiCorp Vault, AWS Secrets Manager, or Azure Key Vault.
  • Experience auditing codebases and infrastructure for static credentials and leading large-scale rotation and migration efforts.

 

Threat Modeling:

  • Proficiency in structured threat modeling methodologies (STRIDE, PASTA, or equivalent) and experience delivering programs that engineers actually use.
  • Ability to translate threat models into concrete, prioritized engineering requirements.

 

Cloud & Infrastructure:

  • Strong understanding of cloud security posture across AWS, Azure, and/or GCP, including IAM, network security groups, storage policies, and logging.
  • Comfort working in containerized, microservices environments (Kubernetes, Docker).

 

Communication & Leadership:

  • Exceptional ability to communicate risk and security requirements to both technical and non-technical audiences.
  • A track record of driving security outcomes through influence rather than mandate, building trust with engineering teams rather than friction.


Why you'll love life at Command|Link

Join us at CommandLink, where you'll have the opportunity to shape the future of business communication. We value the innovative spirit and seek individuals ready to bring their unique vision and expertise to a team that values bold ideas and strategic thinking. Are you ready to make an impact?


  • Room to grow at a high-growth company
  • An environment that celebrates ideas and innovation
  • Your work will have a tangible impact
  • Generous Medical, Dental, and Vision coverage for full-time employees
  • Flexible time off  
  • 401k to help you save for the future
  • Fun events at cool locations
  • Free DoorDash lunches on Fridays
  • Employee referral bonuses to encourage the addition of great new people to the team


CommandLink hires individuals in a number of geographic regions, and the pay ranges listed reflect the cost of labor across these regions. The base pay for this position, as displayed at the bottom of the job description, is a range from our lowest geographic region up to our highest geographic region. Pay is based on location, among other factors such as skill set, experience, and qualifications held.


At CommandLink, we’re committed to creating a fair, consistent, and efficient hiring experience. As part of our process, we use AI-assisted tools to help review and analyze applications. These tools support our recruiting team by identifying qualifications and experience that align with the requirements of each role.


AI tools are used only to assist in the evaluation process — they do not make final hiring decisions. Every application is reviewed by a member of our recruiting or hiring team before any decisions are made.


The salary range for this role is:

150,000 - 180,000 USD per year (United States)

Software Engineering

United States
