About the position
UserGems is the AI command center for go-to-market teams (think of it as an AI brain for sales and marketing). Powered by best-in-class contact data, its AI agents (Gem-E) automatically surface high-intent buyers, prioritize them, deploy personalized outbound, create ad audiences and ABM to drive more pipeline.
We’re backed by top Silicon Valley VCs (Craft Ventures, Uncork Capital, Battery Ventures, Tiger Global, and more) and have hundreds of happy customers from startups to public enterprises.
UserGems is an AI platform helping sales and marketing teams double pipeline impact. Our AI agent Gem-E turns signals from CRMs, buying intent, and public data into precise outreach - generating $4B in pipeline and $950M in revenue for customers like CrowdStrike, UserTesting, and SAP LeanIX (15X+ ROI).
UserGems is a ~70-person company with around 25 engineers across Europe and 45 team members in sales and marketing based in the U.S. Several of our customers are top-tier security companies themselves (e.g. CrowdStrike), so our own security posture directly influences how fast revenue can move.
What you will do
- Operate UserGems' security and compliance program day-to-day, partnered with the Sr. Director on direction and strategy.
- You will be UserGems' single dedicated security person, taking over the operational majority of the security work the Sr. Director currently owns.
- Own SOC 2 - keep Drata green and audits clean.
- Lead ISO 27001 implementation, then ISO 42001.
- Run the customer security questionnaire process (SafeBase + Trust Center) - fast turnaround directly unblocks revenue.
- Drata-driven AWS remediation. Action simple Drata findings directly in AWS yourself - IAM tweaks, S3 settings, secrets hygiene, audit-trail follow-ups. Larger or higher-risk changes go to engineering.
- Vulnerability management. Oversee and extend the existing scanner-findings automation in Linear; hit SLAs.
- Light secure code review. Spot-check high-risk features and new repositories (especially AI/LLM systems) before they go to production; escalate deeper AppSec questions to engineering and external pen testers.
- Threat detection & response. Tune GuardDuty findings, evaluate central logging / SIEM options, run tabletop exercises, mature the IRP from written to rehearsed.
- Offensive security. Run the annual external pen test, perform regular internal pen tests yourself, handle external researcher reports and bug bounty payouts.
- Onboarding & offboarding. Own access provisioning and revocation.
- Be the security person at UserGems. Internally and externally, you are the face of security - questions, escalations, customer security reviews, and audit conversations come to you.
Who we are looking for
- Lean strongly into compliance/GRC operations - with enough hands-on AWS comfort to action Drata-flagged remediations independently.
- Want to own operations end-to-end and influence direction - you propose, the Sr. Director approves, you ship.
- Like a startup environment where priorities are clear, ownership is real, and you ship and move on.
- Hands-on Kubernetes / container security.
- Light coding ability (Java preferred) - our security automation lives in code, and you'll extend it.
- Experience with auditing LLM security.
Benefits
- We're a remote-first company with employees across the Americas and Europe
- We have weekly standups, virtual happy hours, and in-person off-sites around the world so that everyone stays connected
- We are customer-focused and data-driven in everything we do
- We value individual differences in the workforce and strive to make everyone feel welcomed and accepted, regardless of their skin color, gender, or sexual orientation
- We offer a competitive salary and benefits