Back to jobs
New

Trust and Safety Engineer

Chicago, IL
About SpotOn
 
We’re not just building restaurant tech—we’re giving independent restaurants the tools to compete and win. From our award-winning point-of-sale to AI-powered profit tools, everything we do helps operators boost profit, work smarter, and keep their best people. And every solution is backed by real humans who actually give a sh*t about helping restaurants succeed.
  • Named the #1 Restaurant POS by G2 (Fall 2025), based on ratings from real users
  • Rated the top-rated point-of-sale (POS) for restaurants, bars, retail, and small businesses by Capterra users
  • Awarded Great Places to Work and Built In’s Best Workplaces for multiple years running
We move fast, care hard, and fight for independent restaurant operators to do what they love, and love doing it. If you’re looking to make an impact with heart and hustle, SpotOn is the place for you.

We are seeking a Trust & Safety Engineer to help protect our SaaS-based eCommerce platform by blending compliance engineering with security operations. In this role, you will build, operate, and automate security controls while designing infrastructure that meets the highest standards of trust and safety. This role blends compliance engineering, security operations, and risk monitoring. You will be responsible for ensuring our systems meet regulatory and trust requirements (SOC 2, ISO 27001, PCI DSS, GDPR/CCPA) while also leading core security detection, monitoring, and incident response capabilities. We believe that trust is earned—and sustained—through transparency, accountability, and secure engineering. As a Trust, Safety & Security Operations Engineer, you’ll help us ensure our business, systems, and people operate with integrity and compliance at every level.

 

What You’ll Do

Incident Response & Security Operations

  • Lead security incident response efforts, including containment, investigation, root cause analysis, and post-incident reviews. You must be able to organize complex information, initiate response workflows, and confidently lead calls with key stakeholders.
  • Manage and monitor endpoint security tools (e.g., CrowdStrike). You must be familiar with modern security requirements for managed devices including laptops, containerized resources, servers, and mobile devices.
  • Operate and enhance security monitoring and alerting across cloud, SaaS, endpoint, and identity environments.
  • Triage and investigate security alerts related to access misuse, policy violations, suspicious activity, and data exposure.
  • Maintain and tune SIEM detections, alert thresholds, and response playbooks.
  • Leverage AI tools and technologies to enhance Security Operations

Compliance Engineering & Automation

  • Lead the technical requirements to enable automation capabilities to improve time-to-respond, evidence collection, and overall efficacy for visibility and reporting.
  • Implement and automate compliance workflows by building integrations that support SOC 2, ISO 27001, PCI DSS, and privacy initiatives.
  • Ensure evidence is collected automatically and control performance is continuously validated.
  • Translate policies into technical solutions, and annually maintain policies to ensure they remain current with evolving business and regulatory needs.
  • Evaluate risk posture and technical requirements for third-party vendors to ensure alignment with internal trust and security standards.
  • Identify areas for AI tools and technologies to enhance GRC functions

Data Protection & Risk Management

  • Engineer and maintain data protection controls—including encryption, logging, access management, data retention, and proper storage and segregation of PII.
  • Conduct periodic user access reviews and implement least-privilege access controls and privileged access workflows.
  • Detect and investigate insider risk indicators and anomalous access patterns.
  • Secure by Design: Partner with product, engineering, and IT teams to embed compliance-by-design principles into new systems and business processes.

 

What You’ll Bring

Experience & Education

  • 3–7 years of experience in security engineering, compliance automation, Security Operations, or GRC-aligned roles in a SaaS or eCommerce environment.
  • Bachelor’s degree in Computer Science, Cybersecurity, Information Systems, or related field (or equivalent experience).
  • Certifications: CISSP is preferred but not required

Technical Skills

  • Hands-on experience implementing and administering endpoint management & security technologies
  • Understanding of compliance frameworks including SOC 2, PCI DSS, GDPR, and CCPA.
  • Hands-on experience securing cloud platforms and SaaS management tools.
  • Proficiency in scripting (Python, PowerShell, Bash)
  • Experience leveraging AI tools and technologies to create opportunities for optimization, automation, and intelligent use of data integrations.
  • Experience administering a SIEM, alerting, and incident response workflows.
  • Experience with compliance automation platforms (e.g., Drata)
  • Background in risk scoring or control maturity frameworks.

Soft Skills

  • Comfortable leading large calls with key stakeholders and explaining technical controls to non-technical audiences.
  • A bias for action; you are a self-starter comfortable working autonomously.
  • Possess intellectual curiosity at all times
  • Desire to build and maintain relationships across the business including both technical and non-technical teams

The base salary range listed will vary depending on location and experience.

Base salary range

$84,550 - $116,550 USD

We will never ask candidates to pay fees, purchase equipment, or share sensitive personal or financial information during the hiring process. All legitimate communication from our recruiting team will come from an official company email address (@spoton.com). If something seems suspicious, please contact us at careers@spoton.com

SpotOn is an equal employment opportunity employer. Qualified candidates are considered for employment without regard to race, religion, gender, gender identity, sexual orientation, national origin, age, military or veteran status, disability, or any other characteristic protected by applicable law.

SpotOn is an E-Verify company.

Apply for this job

*

indicates a required field

Resume/CV*

Accepted file types: pdf, doc, docx, txt, rtf

Cover Letter

Accepted file types: pdf, doc, docx, txt, rtf

Select...

Voluntary Self-Identification

For government reporting purposes, we ask candidates to respond to the below self-identification survey. Completion of the form is entirely voluntary. Whatever your decision, it will not be considered in the hiring process or thereafter. Any information that you do provide will be recorded and maintained in a confidential file.

As set forth in SpotOn: Product’s Equal Employment Opportunity policy, we do not discriminate on the basis of any protected group status under any applicable law.

Select...
Select...
Race & Ethnicity Definitions

If you believe you belong to any of the categories of protected veterans listed below, please indicate by making the appropriate selection. As a government contractor subject to the Vietnam Era Veterans Readjustment Assistance Act (VEVRAA), we request this information in order to measure the effectiveness of the outreach and positive recruitment efforts we undertake pursuant to VEVRAA. Classification of protected categories is as follows:

A "disabled veteran" is one of the following: a veteran of the U.S. military, ground, naval or air service who is entitled to compensation (or who but for the receipt of military retired pay would be entitled to compensation) under laws administered by the Secretary of Veterans Affairs; or a person who was discharged or released from active duty because of a service-connected disability.

A "recently separated veteran" means any veteran during the three-year period beginning on the date of such veteran's discharge or release from active duty in the U.S. military, ground, naval, or air service.

An "active duty wartime or campaign badge veteran" means a veteran who served on active duty in the U.S. military, ground, naval or air service during a war, or in a campaign or expedition for which a campaign badge has been authorized under the laws administered by the Department of Defense.

An "Armed forces service medal veteran" means a veteran who, while serving on active duty in the U.S. military, ground, naval or air service, participated in a United States military operation for which an Armed Forces service medal was awarded pursuant to Executive Order 12985.

Select...

Voluntary Self-Identification of Disability

Form CC-305
Page 1 of 1
OMB Control Number 1250-0005
Expires 04/30/2026

Why are you being asked to complete this form?

We are a federal contractor or subcontractor. The law requires us to provide equal employment opportunity to qualified people with disabilities. We have a goal of having at least 7% of our workers as people with disabilities. The law says we must measure our progress towards this goal. To do this, we must ask applicants and employees if they have a disability or have ever had one. People can become disabled, so we need to ask this question at least every five years.

Completing this form is voluntary, and we hope that you will choose to do so. Your answer is confidential. No one who makes hiring decisions will see it. Your decision to complete the form and your answer will not harm you in any way. If you want to learn more about the law or this form, visit the U.S. Department of Labor’s Office of Federal Contract Compliance Programs (OFCCP) website at www.dol.gov/ofccp.

How do you know if you have a disability?

A disability is a condition that substantially limits one or more of your “major life activities.” If you have or have ever had such a condition, you are a person with a disability. Disabilities include, but are not limited to:

  • Alcohol or other substance use disorder (not currently using drugs illegally)
  • Autoimmune disorder, for example, lupus, fibromyalgia, rheumatoid arthritis, HIV/AIDS
  • Blind or low vision
  • Cancer (past or present)
  • Cardiovascular or heart disease
  • Celiac disease
  • Cerebral palsy
  • Deaf or serious difficulty hearing
  • Diabetes
  • Disfigurement, for example, disfigurement caused by burns, wounds, accidents, or congenital disorders
  • Epilepsy or other seizure disorder
  • Gastrointestinal disorders, for example, Crohn's Disease, irritable bowel syndrome
  • Intellectual or developmental disability
  • Mental health conditions, for example, depression, bipolar disorder, anxiety disorder, schizophrenia, PTSD
  • Missing limbs or partially missing limbs
  • Mobility impairment, benefiting from the use of a wheelchair, scooter, walker, leg brace(s) and/or other supports
  • Nervous system condition, for example, migraine headaches, Parkinson’s disease, multiple sclerosis (MS)
  • Neurodivergence, for example, attention-deficit/hyperactivity disorder (ADHD), autism spectrum disorder, dyslexia, dyspraxia, other learning disabilities
  • Partial or complete paralysis (any cause)
  • Pulmonary or respiratory conditions, for example, tuberculosis, asthma, emphysema
  • Short stature (dwarfism)
  • Traumatic brain injury
Select...

PUBLIC BURDEN STATEMENT: According to the Paperwork Reduction Act of 1995 no persons are required to respond to a collection of information unless such collection displays a valid OMB control number. This survey should take about 5 minutes to complete.