Engineering Manager, Security

EvenUp is on a mission to close the justice gap using technology and AI. We empower personal injury lawyers and victims to get the justice they deserve. Our products enable law firms to secure faster settlements, higher payouts, and better outcomes for victims injured through no fault of their own in vehicle collisions, accidents, natural disasters, and more.

We are one of the fastest-growing vertical SaaS companies in history, and we are just getting started. EvenUp is backed by top VCs, including Bessemer Venture Partners, Bain Capital Ventures, SignalFire, and Lightspeed. We are looking to expand our team with talented, driven, and collaborative individuals who seek to have a lasting impact. Learn more at www.evenuplaw.com.

🎥 Life as an Engineer at EvenUp

Today, our engineering team is roughly 120 people, but by the end of 2026, we’ll roughly double in size. As we grow, we’re looking for a strong Manager to work cross-functionally and manage our security and IT teams within our infrastructure team. We need a hands-on Security Manager to lead our Security efforts and drive our growth. You’ll help us evaluate whether to build or buy security solutions.

What You’ll Do:

• Security Strategy & Team Leadership - Define EvenUp's security roadmap and lead a growing Security & IT team. Serve as the internal authority on risk and security posture, advising engineering, legal, and the executive team. Hire and develop talent as the function scales.

• Compliance (SOC 2 & HIPAA) - Own our SOC 2 Type II and HIPAA programs end-to-end: gap assessments, control design, audit readiness, and ongoing compliance. Maintain policies and procedures, manage auditor relationships, and stay ahead of evolving regulatory requirements.

• Product Security - Partner with Engineering to embed security into the SDLC through threat modeling, secure design reviews, and vulnerability management (SAST, DAST, pen testing). Champion a shift-left, security-by-design culture across the product org.

• Corporate IT & Infrastructure Security - Own corporate IT systems (MDM, SSO/IdP, endpoint security, IAM) and cloud security posture. Evaluate and deploy security tooling. Enforce least-privilege and zero-trust principles across the organization.

• Vendor & Third-Party Risk Management - Lead the vendor risk program, including security assessments, contract reviews (BAAs, DPAs), and ongoing monitoring of third-party risk exposure.

• Incident Response & Risk Management - Maintain the risk register, run periodic risk assessments, and own the incident response plan. Lead tabletops, manage live incidents, and coordinate breach notification in partnership with legal.

• Security Culture & Enablement - Drive security awareness across the company through training, documentation, and internal evangelism. Coach engineers and business teams on best practices and build a security-first culture from the inside out.

• Mentorship & Growth: Recruit, mentor, and develop engineers through regular feedback, coaching, and career development. Support performance management, growth planning, and team health.

What We Look For:

• Proven security leadership at a startup or high-growth company - you've built or scaled a security function before, not just maintained one.

• Deep compliance experience - hands-on ownership of SOC 2 Type II and HIPAA programs, from control design through audit. Familiarity with emerging requirements (state privacy laws, AI governance) is a plus.

• Technical depth across the stack - strong working knowledge of cloud security (AWS/GCP/Azure), IAM, endpoint security, and secure SDLC practices. You can go deep with engineers, not just speak to them.

• Product security chops - experience with vulnerability management, threat modeling, and integrating security into fast-moving engineering teams without becoming a bottleneck.

• People leadership - track record of managing and growing small technical teams, with the ability to hire well and develop talent as the function scales.

• Vendor & third-party risk know-how - experience running a vendor risk program, including security reviews, BAAs/DPAs, and ongoing third-party monitoring in a data-sensitive environment.

• Builder mentality - you're equally comfortable writing a policy, configuring a SIEM, presenting to the exec team, and jumping into an incident at 10 pm. You default to doing before delegating.

This is a hybrid role, with an expectation of being in our San Francisco office three days per week.

#LI-Hybrid

Notice to Candidates:

EvenUp has been made aware of fraudulent job postings and unaffiliated third parties posing as our recruiting team – please know that we have no affiliation or connection to these situations. We only post open roles on our career page (evenuplaw.com/careers) or reputable job boards like our official LinkedIn or Indeed pages, and all official EvenUp recruitment emails will come from the domains @evenuplaw.com, @evenup.ai, @ext-evenuplaw.com, no-reply@ashbyhq.com or no‑reply@canditech.io email addresses.

To ensure fairness and proper consideration, we do not accept resumes or expressions of interest via email or social media messages. If you’re interested in a role, please submit your application directly through our careers page.

If you receive communication from someone you believe is impersonating EvenUp, please report it to us at talent-ops-team@evenuplaw.com. Examples of fraudulent domains include “careers-evenuplaw.com” and “careers-evenuplaws.com”.

Benefits & Perks:

As part of our total rewards package, we offer attractive benefits and perks to our employees, including:

• Choice of medical, dental, and vision insurance plans for you and your family.

• Additional insurance coverage options for life, accident, or critical illness.

• Flexible paid time off, sick leave, short-term and long-term disability.

• 10 US observed holidays, and Canadian statutory holidays by province.

• A home office stipend.

• 401(k) for US-based employees and RRSP for Canada-based employees.

• Paid parental leave.

• A local in-person meet-up program.

• Hubs in San Francisco and Toronto.

Please note the above benefits & perks are for full-time employees

EvenUp is an equal opportunity employer. We are committed to diversity and inclusion in our company. We do not discriminate based on race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.