Information Security Engineer

Convey (formerly Message Broadcast) is a mission-critical communications platform, purpose-built for enterprise utilities and regulated industries. We help the nation’s largest energy providers communicate with their customers across SMS, voice, and email with scale, reliability, and security. As we grow, so does our responsibility to protect our infrastructure, our customers, and the end consumers they serve.

We are seeking an experienced Information Security Engineer to own and evolve our security posture across infrastructure, application, and data layers. You will work cross-functionally with DevOps, Engineering, and Compliance teams to implement, monitor, and enforce security best practices in a dynamic SaaS environment. This is a hands-on, high-impact role for a security professional who thrives in regulated and high-availability environments.

What You’ll Do - Responsibilities

• Build and implement security policies, procedures, and controls, across cloud and on-prem environments.

• Lead cloud security initiatives, including IAM, network segmentation, encryption, and infrastructure hardening.

• Lead the evaluation and use of security technologies and tools.

• Conduct risk assessments, threat modeling, vulnerability scans, and security architecture reviews; prioritize and drive remediation.

• Collaborate with DevOps and engineering teams to automate security testing (CI/CD etc.), code analysis, and vulnerability scanning.

• Support application security efforts, including secure coding practices, code scanning, and developer enablement.

• Manage incident response processes, including root cause analysis and long-term mitigation strategies.

• Maintain and enhance security logging, monitoring, and alerting systems.

• Support third-party audits, customer security reviews, and compliance efforts (SOC 2, NERC CIP, etc.).

• Develop and maintain internal security documentation, runbooks, and security awareness training.

What We’re Looking For - Qualifications

• Bachelor's or Graduate's Degree in engineering, business, computer science, information technology preferred or relevant equivalent experience.

• 5+ years in security engineering, cloud security, or DevSecOps.

• Experience developing and enforcing security policies and standards in regulated environments.

• Deep understanding of AWS security architecture (IAM, VPCs, Security Groups, KMS, etc.).

• Experience securing containerized applications (Docker, Kubernetes, ECS).

• Proficiency in infrastructure-as-code and CI/CD pipeline security (Terraform, GitHub Actions, etc.).

• Familiarity with SOC 2, NIST, ISO 27001, or similar frameworks.

• Knowledge of industry-standard tools (CrowdStrike, Nessus, OSSEC, Splunk, etc.).

• Strong scripting or coding ability (Python, Bash, etc.) for automation and tooling.

• Clear, concise communicator, comfortable working in cross-functional teams.

• Bonus: Experience in a SaaS company selling into regulated industries (utilities, financial services, healthcare, etc.).

Why Convey

• High-impact work supporting essential infrastructure for tens of millions of utility customers.

• Strong, people-first culture with a focus on accountability, reliability, and continuous improvement.

• Remote-first team with competitive compensation, benefits, and opportunities for growth.

Salary range: $140K-$170K annually, bonus eligible

***This position offers a hybrid work arrangement, blending the benefits of in-office collaboration with remote flexibility. You'll be required to work from our office in downtown Denver, CO, on Mondays, Tuesdays, and Wednesdays. To ensure a productive remote work experience, we provide a home office setup. Partial parking subsidy provided - $50 per pay period/biweekly.

***Convey does not provide relocation assistance

US-BASED ROLES ONLY - BENEFITS

• Fully covered Medical, Dental, and Vision coverage for employees

  • Cost share for dependents

• 401(K) plan with company match

• Fully covered STD/LTD

• Employee Assistance Program (EAP)

• Paid Maternity Leave

  • 12 weeks of paid parental leave for birthing parent

• Paid Paternity Leave

• Flexible PTO policy - We trust employees to manage their time effectively and take time off as needed to maintain a healthy work-life balance. Discretionary time off is unlimited, subject to manager approval and business needs.

• 12 paid holidays throughout the year, including winter recess for all employees between December 25th-January 1st

• On-site gym available for free use in Denver, CO for employees based in the Denver area

Convey (formerly Message Broadcast) is an Equal Opportunity Employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status, or any other characteristic protected by law.