Staff Security Engineer (Blue Team)

Olo is a leading SaaS platform accelerating digital transformation in the restaurant industry, by helping customers deliver more personalized and profitable guest experiences. As a result, our digital ordering, payment, and guest engagement solutions enable brands to do more with less and make every guest feel like a regular. Reporting to the Security Engineering Director, the Staff Security Engineer will act as technical lead of the Olo Security Blue Team and work on security defences that allow our systems to keep running while protecting the data of our clients and their customers. Additionally, you will help in the identification and prioritization of future project initiatives based on risk and execute on cross-functional projects with a high degree of ownership and excellence, all while actively mentoring other team members and elevating the collective team’s capabilities and skill sets. If you are passionate about reducing risk while supporting innovation we encourage you to apply! You can work remotely from anywhere in the U.S. or at Olo's headquarters in NYC. About Olo Olo is a leading restaurant technology provider with ordering, payment, and guest engagement solutions that help brands increase orders, streamline operations, and improve the guest experience. Each day, Olo processes millions of orders on its open SaaS platform, gathering the right data from each touchpoint into a single source—so restaurants can better understand and better serve every guest on every channel, every time. Over 800 restaurant brands trust Olo and its network of more than 400 integration partners to innovate on behalf of the restaurant community, accelerating technology’s positive impact and creating a world where every restaurant guest feels like a regular. Learn more at olo.com. We’re remote-friendly. Since 2015, we have been evolving our culture to continue to support a more distributed workforce and now over 75% of our team works remotely across the U.S. If you're in the New York City area, you can choose to work remotely or from Olo's headquarters. We offer great benefits, such as 20 days of paid time off, 10 sick days, 11 holidays, plus year-end closure, health, dental, and vision coverage for yourself and your family, a 401k match, remote-office stipend, a generous parental leave plan, volunteer time off, gift matching policy, and more! Our best estimate of the compensation range for this opportunity is $161,000-$220,000 annually, depending on the experience you bring and your location. We look forward to discussing your salary expectations and our full total rewards offerings throughout the interview process. We encourage you to apply! At Olo, we believe bringing together people with varied experiences and viewpoints leads to better results. Don't check every box in the job description? Research shows many qualified candidates hold back from applying unless they meet all listed requirements. We're committed to creating a genuine workplace where everyone can contribute their best work—this improves our decision-making and helps us better serve our communities. So if you're enthusiastic about this role but your background doesn't align perfectly with every qualification, we encourage you to apply anyway. You might be exactly the right fit for this or other positions. All applicants receive consideration for employment. We do not discriminate on the basis of race, religion, colour, national origin, gender identity, sexual orientation, pregnancy, age, marital status, veteran status, or disability status. California Residents: CCPA notice What You'll Do Guide and coach Olo’s Blue Team on Information Protection, Incident Detection and Response and Service Delivery. You will provide strategic and technical oversight to the team and the program. Technically lead a team of security engineers and analysts who hunt, detect, and respond to internal and external threats. Collaborate with customers and partners to strengthen their security posture. Drive ongoing optimizations by implementing new technologies, replacing technologies, addressing evolving threats, scaling practices and automating security activities. Ultimately you will keep team member and customers data safe by identifying and mitigating vulnerabilities and risks by providing actionable guidance to product teams. Information Protection Lead Olo’s Information Protection program including the selection, testing, implementation and maintenance of security tools and services, security awareness, service provider management and the ongoing testing of those controls. Oversee Vulnerability Management program including vulnerability assessments, risk scoring and vulnerability resolution. Oversee Threat Hunting program to detect and mitigate advanced threats. Manage non-event driven security reviews, including concept reviews, design reviews, patching, firewall rules and system configuration checks. Apply Web application and API security principles and techniques, such as zero trust, RBAC, authentication, authorization, auditing, rate limiting, challenges, etc., to protect our cloud-based services from unauthorized access and abuse. Incident Detection and Response Oversee Incident Detection and Response program including ownership of incident response processes, tools and services and the ongoing continuous improvement of those controls. Coordinate the detection and response to attacks through all incident phases. Ensure incident reports are accurate, detailed and relevant. Monitor, detect, and remediate misconfigurations and security risks across our cloud environments. Participate in a 24/7 on-call rotation. Security Services Oversee Security Services program including security support requests, risk assessments, vendor assessments, PCI and SOC audit support and service provider management. What We'll Expect from You 5+ years of Security Engineering, Security Operations or Security Architecture experience. CISSP, GCIH or similar certification preferred. Experience acting as technical lead to distributed teams consisting largely of remote engineers. Experience complying with PCI-DSS and other compliance and regulatory standards. Experience with attacker tactics, techniques and procedures. Knowledge of information technology, evolving threats, attack patterns, incident response and cyber security standards. Experience developing and leading incident response, remediation and mitigation activities, and providing status updates and reports. Experience analyzing security events to discern events that qualify as a legitimate security incident as opposed to non-incidents (ie. incident investigation, implementing countermeasures, and conducting incident response). Deep understanding of operating system, networking and application concepts. Experience hardening Windows, MacOS, Linux Containers and Kubernetes. Familiarity with AWS security best practices and Infrastructure-as-Code. Experience deploying and maintaining security technologies. (e.g. Access Proxies, API Gateway, Anti-Malware, Application Control, Cloud Security Posture, Data Leak Prevention, Data Mapping, Endpoint Detection & Response, Intrusion Detection System, File Integrity Monitoring, Firewalls, Mobile Device Management, Multi Factor Authentication, SIEM, Static Inspection, Vulnerability Assessment, Web Proxies, WAF and Zero Trust). Adept at working with internal Product & Engineering, Legal, People & Culture, Finance and GTM teams and external partners, auditors and customers. Ability to work during critical incidents or to support coverage requirements.

{
  "content_hash": "28d7c923a56db93b2de0c21b535c1aa427887ccf4509f62f4c9c11fbe4bd2079",
  "source_hash": "f526d93c9637b3f2481a5d700037d9cb894af388038d6f25b19ff17bca4de352",
  "last_changed_at": "2026-05-29T07:00:00.164Z",
  "active_status": "active"
}

{
  "language": "en",
  "location": {
    "raw": "NYC or Remote",
    "city": "NYC or",
    "region": null,
    "country": "United States",
    "is_remote": true,
    "confidence": 0.9
  },
  "salary_max": 220000,
  "salary_min": 161000,
  "inferred_at": "2026-06-19T07:55:40.275Z",
  "launch_scope": {
    "reason": "english_us_canada",
    "included": true,
    "language": "en",
    "location": {
      "raw": "NYC or Remote",
      "city": "NYC or",
      "region": null,
      "country": "United States",
      "is_remote": true,
      "confidence": 0.9
    },
    "countries": [
      "United States"
    ]
  },
  "remote_policy": "remote",
  "salary_period": "year",
  "workplace_type": "remote",
  "salary_currency": "USD"
}

{}

{
  "lists": [
    {
      "text": "What You'll Do",
      "content": "\n<li>Guide and coach Olo’s Blue Team on Information Protection, Incident Detection and Response and Service Delivery.</li>\n<li>You will provide strategic and technical oversight to the team and the program.</li>\n<li>Technically lead a team of security engineers and analysts who hunt, detect, and respond to internal and external threats.</li>\n<li>Collaborate with customers and partners to strengthen their security posture.</li>\n<li>Drive ongoing optimizations by implementing new technologies, replacing technologies, addressing evolving threats, scaling practices and automating security activities.</li>\n<li>Ultimately you will keep team member and customers data safe by identifying and mitigating vulnerabilities and risks by providing actionable guidance to product teams.</li>\n"
    },
    {
      "text": "Information Protection",
      "content": "\n<li>Lead Olo’s Information Protection program including the selection, testing, implementation and maintenance of security tools and services, security awareness, service provider management and the ongoing testing of those controls.</li>\n<li>Oversee Vulnerability Management program including vulnerability assessments, risk scoring and vulnerability resolution.</li>\n<li>Oversee Threat Hunting program to detect and mitigate advanced threats.</li>\n<li>Manage non-event driven security reviews, including concept reviews, design reviews, patching, firewall rules and system configuration checks.</li>\n<li>Apply Web application and API security principles and techniques, such as zero trust, RBAC, authentication, authorization, auditing, rate limiting, challenges, etc., to protect our cloud-based services from unauthorized access and abuse.</li>\n"
    },
    {
      "text": "Incident Detection and Response",
      "content": "\n<li>Oversee Incident Detection and Response program including ownership of incident response processes, tools and services and the ongoing continuous improvement of those controls.</li>\n<li>Coordinate the detection and response to attacks through all incident phases.</li>\n<li>Ensure incident reports are accurate, detailed and relevant.</li>\n<li>Monitor, detect, and remediate misconfigurations and security risks across our cloud environments.&nbsp;</li>\n<li>Participate in a 24/7 on-call rotation.</li>\n"
    },
    {
      "text": "Security Services",
      "content": "\n<li>Oversee Security Services program including security support requests, risk assessments, vendor assessments, PCI and SOC audit support and service provider management.</li>\n"
    },
    {
      "text": "What We'll Expect from You",
      "content": "\n<li>5+ years of Security Engineering, Security Operations or Security Architecture experience.</li>\n<li>CISSP, GCIH or similar certification preferred.</li>\n<li>Experience acting as technical lead to distributed teams consisting largely of remote engineers.</li>\n<li>Experience complying with PCI-DSS and other compliance and regulatory standards.</li>\n<li>Experience with attacker tactics, techniques and procedures.</li>\n<li>Knowledge of information technology, evolving threats, attack patterns, incident response and cyber security standards.</li>\n<li>Experience developing and leading incident response, remediation and mitigation activities, and providing status updates and reports.</li>\n<li>Experience analyzing security events to discern events that qualify as a legitimate security incident as opposed to non-incidents (ie. incident investigation, implementing countermeasures, and conducting incident response).</li>\n<li>Deep understanding of operating system, networking and application concepts.</li>\n<li>Experience hardening Windows, MacOS, Linux Containers and Kubernetes.</li>\n<li>Familiarity with AWS security best practices and Infrastructure-as-Code.</li>\n<li>Experience deploying and maintaining security technologies. (e.g. Access Proxies, API Gateway, Anti-Malware, Application Control, Cloud Security Posture, Data Leak Prevention, Data Mapping, Endpoint Detection &amp; Response, Intrusion Detection System, File Integrity Monitoring, Firewalls, Mobile Device Management, Multi Factor Authentication, SIEM, Static Inspection, Vulnerability Assessment, Web Proxies, WAF and Zero Trust).</li>\n<li>Adept at working with internal Product &amp; Engineering, Legal, People &amp; Culture, Finance and GTM teams and external partners, auditors and customers.</li>\n<li>Ability to work during critical incidents or to support coverage requirements.</li>\n\n<div>&nbsp;</div>"
    }
  ],
  "country": "US",
  "createdAt": 1766172659106,
  "updatedAt": null,
  "categories": {
    "team": "Security",
    "location": "NYC or Remote",
    "commitment": "Full-Time",
    "department": "Engineering",
    "allLocations": [
      "NYC or Remote"
    ]
  },
  "salaryRange": null,
  "workplaceType": "remote"
}