Security Specialist

About Kojo

It's time to build. Whether it's creating more housing, upgrading our infrastructure, or adapting to climate change, one thing is clear: the construction industry is at the center of solving our biggest problems. We’re making buildings cheaper and easier to build by transforming the way commercial construction companies buy their materials. Join us.

Founded in 2018, Kojo is now one of the fastest-growing construction technology companies in the world. Construction accounts for $10 trillion in global spend annually and we can’t live without its output - our roads, schools, hospitals, and offices. Despite this, there’s been very little innovation over the past 70 years in how materials - which constitute up to 40% of project costs - are bought and sold. This is our opportunity.

About the Role

Kojo is looking for a Security Specialist to lead and scale our security and compliance efforts. This IC role sits within the Infrastructure team, not operations, and blends hands-on technical work with audit readiness, policy management, and risk oversight. You’ll be the go-to expert for SOC 2, AWS security, incident response, and access control as we grow.

This is not a checkbox compliance role, you’ll directly influence how security is built, enforced, and maintained across our infrastructure.

What You'll Do

• Own and lead our SOC 2 Type I & II readiness, audits, and ongoing compliance

• Develop and enforce internal security policies and controls

• Improve and monitor AWS security posture (IAM, GuardDuty, encryption, etc.)

• Manage secrets (Vault, AWS Secrets Manager), access, and vulnerability remediation

• Triage real-time security alerts and lead incident response efforts

• Support secure CI/CD practices, infrastructure as code, and engineering reviews

• Partner with leadership and auditors for security reviews and vendor risk management

What We're Looking For

• 5+ years in security, infrastructure, or DevOps roles

• Proven ownership of SOC 2 Type II audit cycles at a SaaS company

• Hands-on AWS security experience; familiarity with Terraform, CI/CD pipelines

• Experience with tools like Datadog, Snyk, or other SIEM platforms

• Strong written communication for policies, incident logs, and audit evidence

• Startup-minded: proactive, self-sufficient, pragmatic, and collaborative

Nice to Have

• Familiarity with Vanta, Drata, ISO 27001, or similar compliance tools

• Basic secure coding knowledge or experience with code review support

• Experience supporting phishing simulations or employee security training

Working at Kojo

Salary: Your salary will be dependent upon many factors, including your experience level, skillset, market dynamics and balancing internal equity relative to other Kojo employees. The compensation and benefits information that we provide is based on Kojo’s good-faith estimate as of the date of the job posting and may be modified in the future.

Benefits: This position is also eligible for a new hire equity grant and all US-based full time employees are eligible for our full suite of perks and benefits. For more information about our perks and benefits, check out https://www.usekojo.com/careers.

Location: Kojo’s team members work from home 100% of the time across North and South America. If applicable, we’ll identify the travel and/or location-specific requirements of a position in the text above. Otherwise, team members can expect to work business hours congruent with their local time zone and remotely.

Inclusive Workplace: Kojo values diverse perspectives and is committed to building an inclusive workplace. We are proud to be an equal opportunity workplace and do not discriminate on the basis of sex, race, color, age, sexual orientation, gender identity, religion, national origin, citizenship, marital status, veteran status, or disability status. Pursuant to the San Francisco Fair Chance Ordinance, we consider for employment qualified applicants with arrest and conviction records. We strongly encourage people from underrepresented groups to apply.



Scam Notice: Please be aware that there are individuals and organizations that may attempt to scam job seekers by offering fraudulent employment opportunities in the name of Kojo. These scams may involve fake job postings, unsolicited emails, or messages claiming to be from our recruiters or hiring managers. Kojo will never ask for any personal account information, such credit card details or bank account numbers, during the recruitment process.