Back to jobs
New

Security Engineer

South Jordan, UT

Security Engineer

Canopy, South Jordan, UT

About Us

Canopy is a fast-growing SaaS company in South Jordan, Utah building simple, efficient software for accounting firms. We are looking to revolutionize the accounting space with modern, user-friendly software for a neglected industry. We aim to help our clients unlock the firm they’ve always wanted with our Practice Management Suite. We place a strong emphasis on delighting our customers, spotting and solving problems, and being good people along the way. And we just secured $70M in Series C funding to help us fulfill that mission.

Click here to see why our clients (and investors) love Canopy.

Interested in learning more about Canopy & the industry? Check out our blog here where you can find great information on our product features, industry news, practice management, and more!

Job Description

Canopy is looking for a Security Engineer to join our growing security team and help execute on our security roadmap. In this role, you will focus on detection engineering, compliance operations, and customer-facing security activities. You will write and tune detection rules in our SIEM, support SOC 2 audits and Trust Services Criteria expansion, respond to customer security questionnaires, and assist with endpoint security operations. This is a great opportunity for someone who thrives on operational security work and wants to grow within a collaborative, fast-moving SaaS environment.

This can be a hybrid position in South Jordan, Utah (M, W, F in-office) or fully remote based from Utah, reporting to the Director of DevOps, Security & IT.

What You’ll Do

  • Write, tune, and maintain detection rules in Datadog (SIEM) to identify threats, reduce false positives, and improve alert quality across the environment.
  • Support SOC 2 audit cycles, including evidence collection, control mapping, and auditor coordination within Drata.
  • Drive progress on Trust Services Criteria (TSC) expansion and CIS Controls v8 implementation, mapping controls and documenting compliance evidence.
  • Respond to customer security questionnaires and support customer-facing compliance activities.
  • Assist with endpoint security operations under the direction of a Senior Security Engineer, including JAMF Pro, SentinelOne or CrowdStrike Falcon, and Cloudflare Zero Trust (DLP, SWG, CASB).
  • Help maintain and improve compliance documentation, security policies, and internal procedures.
  • Execute on security roadmap items, contributing to projects across detection, compliance, and operational security.

What We’re Looking For

  • 3+ years of experience in information security, with hands-on experience in detection engineering, compliance operations, or security operations.
  • Experience working at a SaaS company.
  • Practical detection engineering skills, including writing and tuning rules in a production SIEM (Datadog preferred, Splunk, Elastic, or similar).
  • Hands-on experience with a GRC platform (Drata, Vanta, or equivalent), not just theoretical SOC 2 knowledge.
  • Experience responding to customer security questionnaires and supporting external audits.
  • Familiarity with compliance frameworks such as SOC 2, CIS Controls, or NIST CSF.
  • Strong attention to detail and ability to manage multiple compliance and security workstreams simultaneously.
  • Clear written and verbal communication skills, particularly for customer-facing compliance work.

Nice to Have

  • Experience with endpoint security tools (JAMF Pro, SentinelOne, CrowdStrike Falcon, or Cloudflare Zero Trust).
  • Familiarity with macOS MDM/fleet management and endpoint hardening.
  • Exposure to DLP policy authoring, secure web gateway deployment, or CASB configuration.
  • Relevant certifications (Security+, GSEC, CCSK, or similar).
  • Experience with AWS security services or cloud security fundamentals.

We know many women do not apply for a job if they don’t perfectly fit the description. We want you to apply anyway.

Why You Want to Work Here

🌴 Flexible Paid Time Off - you’re actually encouraged to use, plus 10 company holidays! 

❤️‍🩹 Health Benefits - including Medical, Dental, and Vision and an HSA Match. 

💰 401(k) - we match 100% up to 3% of your contribution. Eligibility is immediate with 100% vesting.

🧠 Mental Health -  all employees have access to Impact Suite & to our Employee Assistance Program (EAP).

👶 Paid New Parent Leave & Birthing Parent Leave - so you’re able to care for your little ones.

➕ Supplemental Benefits - including 100% company paid Basic Life & AD&D insurance and long & short-term disability coverage.

🌟 Nectar - our peer-to-peer recognition program to help our employees recognize the amazing work being done by other Canopians!

🥳 Company Events - including monthly company-wide meetings, summer parties, and more.

💡 ERG Committees - to plan initiatives around continuing education, community outreach, recruiting, onboarding, and more.

☕ Fully-stocked kitchen - Keto? Vegan? Flexitarian? Mandalorian? We’ve got you covered. 

Our Values

We approach our work every day with a few things in mind:

🔑 Own - We own this place! We focus on outcomes, holding ourselves & each other accountable.

🏆 Win - We win by delighting our customers with the very best products and services.

👍 Do Good - We work hard to be good people!

💡 Embrace Curiosity & Candor - We approach everything with curiosity & we understand that candor is kindness and give the gift of feedback.

:rocket: Act Startup Fast - We know the best way to become a world-class company is to always act like a tiny startup: fast, hungry, intense, and scrappy. But especially fast.

To learn more about us & our values, click here.

Interviewing @ Canopy

Application processes can be a little stressful. Here are the stages of a typical interview process at Canopy:

  • Once your application is received, we will review it and get back to you if we feel like it’s a mutual fit! 
  • 20-minute phone call with the People Team
  • 45-60-minute video or in-person interview with the Hiring Manager
  • 1-3 rounds of interviews, depending on the role
  • Final Interview

Interview processes can vary depending on the role. The People Team will give you a role-specific overview of the process during your first phone call. 

Remember: This is your interview too! We know candidates are evaluating us just as much as we are them. We encourage you to bring questions to each of your interviews—our hiring teams will always make sure to save time for questions at the end! 

Canopy is an equal-opportunity employer. Canopy provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, gender, national origin, sexual orientation, gender identity or expression, age, disability, genetic information, marital status, or veteran status.

Apply for this job

*

indicates a required field

Resume/CV*

Accepted file types: pdf, doc, docx, txt, rtf

Cover Letter

Accepted file types: pdf, doc, docx, txt, rtf

Select...
Select...
Select...

Voluntary Self-Identification

For government reporting purposes, we ask candidates to respond to the below self-identification survey. Completion of the form is entirely voluntary. Whatever your decision, it will not be considered in the hiring process or thereafter. Any information that you do provide will be recorded and maintained in a confidential file.

As set forth in Canopy’s Equal Employment Opportunity policy, we do not discriminate on the basis of any protected group status under any applicable law.

Select...
Select...
Race & Ethnicity Definitions

If you believe you belong to any of the categories of protected veterans listed below, please indicate by making the appropriate selection. As a government contractor subject to the Vietnam Era Veterans Readjustment Assistance Act (VEVRAA), we request this information in order to measure the effectiveness of the outreach and positive recruitment efforts we undertake pursuant to VEVRAA. Classification of protected categories is as follows:

A "disabled veteran" is one of the following: a veteran of the U.S. military, ground, naval or air service who is entitled to compensation (or who but for the receipt of military retired pay would be entitled to compensation) under laws administered by the Secretary of Veterans Affairs; or a person who was discharged or released from active duty because of a service-connected disability.

A "recently separated veteran" means any veteran during the three-year period beginning on the date of such veteran's discharge or release from active duty in the U.S. military, ground, naval, or air service.

An "active duty wartime or campaign badge veteran" means a veteran who served on active duty in the U.S. military, ground, naval or air service during a war, or in a campaign or expedition for which a campaign badge has been authorized under the laws administered by the Department of Defense.

An "Armed forces service medal veteran" means a veteran who, while serving on active duty in the U.S. military, ground, naval or air service, participated in a United States military operation for which an Armed Forces service medal was awarded pursuant to Executive Order 12985.

Select...

Voluntary Self-Identification of Disability

Form CC-305
Page 1 of 1
OMB Control Number 1250-0005
Expires 04/30/2026

Why are you being asked to complete this form?

We are a federal contractor or subcontractor. The law requires us to provide equal employment opportunity to qualified people with disabilities. We have a goal of having at least 7% of our workers as people with disabilities. The law says we must measure our progress towards this goal. To do this, we must ask applicants and employees if they have a disability or have ever had one. People can become disabled, so we need to ask this question at least every five years.

Completing this form is voluntary, and we hope that you will choose to do so. Your answer is confidential. No one who makes hiring decisions will see it. Your decision to complete the form and your answer will not harm you in any way. If you want to learn more about the law or this form, visit the U.S. Department of Labor’s Office of Federal Contract Compliance Programs (OFCCP) website at www.dol.gov/ofccp.

How do you know if you have a disability?

A disability is a condition that substantially limits one or more of your “major life activities.” If you have or have ever had such a condition, you are a person with a disability. Disabilities include, but are not limited to:

  • Alcohol or other substance use disorder (not currently using drugs illegally)
  • Autoimmune disorder, for example, lupus, fibromyalgia, rheumatoid arthritis, HIV/AIDS
  • Blind or low vision
  • Cancer (past or present)
  • Cardiovascular or heart disease
  • Celiac disease
  • Cerebral palsy
  • Deaf or serious difficulty hearing
  • Diabetes
  • Disfigurement, for example, disfigurement caused by burns, wounds, accidents, or congenital disorders
  • Epilepsy or other seizure disorder
  • Gastrointestinal disorders, for example, Crohn's Disease, irritable bowel syndrome
  • Intellectual or developmental disability
  • Mental health conditions, for example, depression, bipolar disorder, anxiety disorder, schizophrenia, PTSD
  • Missing limbs or partially missing limbs
  • Mobility impairment, benefiting from the use of a wheelchair, scooter, walker, leg brace(s) and/or other supports
  • Nervous system condition, for example, migraine headaches, Parkinson’s disease, multiple sclerosis (MS)
  • Neurodivergence, for example, attention-deficit/hyperactivity disorder (ADHD), autism spectrum disorder, dyslexia, dyspraxia, other learning disabilities
  • Partial or complete paralysis (any cause)
  • Pulmonary or respiratory conditions, for example, tuberculosis, asthma, emphysema
  • Short stature (dwarfism)
  • Traumatic brain injury
Select...

PUBLIC BURDEN STATEMENT: According to the Paperwork Reduction Act of 1995 no persons are required to respond to a collection of information unless such collection displays a valid OMB control number. This survey should take about 5 minutes to complete.