Security and Compliance Engineer

Tyndale
Location: Perkasie, PA 18944, USA
Published: 6/14/2022
Technology
Full Time

Job Description

Overview

The Tyndale Company is seeking a Security and Compliance Engineer to join their dynamic IT team! This position supports Tyndale's day-to-day IT security operations and compliance readiness across infrastructure, identity, applications, SaaS platforms, integrations, and software delivery. The role turns security policies and standards into repeatable processes, clear reporting, documented exceptions, and practical remediation plans.

Working with IT leadership, Infrastructure, DevOps, SRE, Development, QA, application owners, and the broader Security/Governance function, this role focuses on vulnerability and patch management governance, IAM hygiene, security monitoring, SaaS and integration security, cyberinsurance and vendor risk reporting, secure SDLC practices, PCI DSS support, and SOC 2 Type 2 readiness.

HYBRID/REMOTE: Tyndale supports a strong work-life balance. This opportunity requires onsite work a minimum of 1 day per week, and 4 days per week remotely. To be considered, candidates must reside within a commutable distance from our corporate headquarters in Pipersville, PA (Bucks County) or our location in Houston, TX (City Centre).

About Tyndale

The Tyndale Company is a private, 9x Top Workplace winner in PA and 5x winner in TX, and an industry-leading national supplier of arc-rated flame-resistant clothing (FRC) to the energy sector – including utilities, oil and gas, transportation, chemical manufacturing, and NFPA 70E markets. We’re a family-owned business providing a retail-style apparel experience to hundreds of thousands of energy workers across the US and Canada. We’re the leading distributor of innovative FRC solutions, and the largest industrial supplier of Carhartt FR, Ariat FR, and Wrangler FR clothing.


Responsibilities

  • Coordinate the vulnerability and patch management process, including Tenable scan review, triage, remediation tracking, exception documentation, and reporting.
  • Monitor security posture across servers, endpoints, network devices, SaaS platforms, integrations, and IT-managed applications; follow up with owners on critical updates and patches.
  • Review IAM controls, including MFA, SSO, role-based access, least privilege, privileged/admin access, service accounts, shared-account risks, and provisioning/deprovisioning.
  • Conduct internal control audits for access removal, access reviews, patch controls, change/release controls, and system retirement processes.
  • Administer, tune, and report on security monitoring tools such as Identity Management, EDR, MDR, or SIEM platforms; maintain alert routing, escalation procedures, and response playbooks.
  • Support PCI DSS, SOC 2 Type 2, cyberinsurance, and vendor risk activities through evidence collection, control testing, gap tracking, and remediation follow-up.
  • Provide security oversight for IT applications, SaaS platforms, integrations, and privileged/admin logins by ensuring ownership, secure configuration, SSO/MFA usage, access controls, and documentation.
  • Centralize vendor and platform security communications, maintenance notices, security advisories, and terms/privacy/security updates; route action items to the appropriate owners.
  • Partner with Development, QA, DevOps, and SRE teams on secure SDLC practices, including CI/CD checks, pull request templates, dependency/secrets scanning, threat-model checklists, and security review for major changes.
  • Maintain security procedures, playbooks, dashboards, exception logs, and audit evidence; serve as a day-to-day security and compliance resource for IT teams.


Qualifications

  • Minimum of 5 years of experience in IT security operations, vulnerability management, IT compliance, infrastructure operations, systems administration, IAM, or related roles.
  • Bachelor's degree in information technology, cybersecurity, computer science, or a related field is preferred; equivalent experience will be considered.
  • Experience with vulnerability management tools.
  • Experience with EDR, MDR, SIEM, endpoint protection, or security monitoring platforms.
  • Strong understanding of IAM concepts, patch management, vulnerability remediation, change management, exception handling, operational reporting, and risk tracking.
  • Familiarity with SOC 2 Type 2, PCI DSS, NIST CSF, CIS Controls, data privacy requirements, cyberinsurance controls, and vendor risk assessments.
  • Familiarity with secure SDLC practices, including CI/CD security controls, secrets management, dependency scanning, pull request workflows, and threat modeling.
  • Strong analytical, organizational, documentation, communication, and follow-up skills, with the ability to work across technical and non-technical teams.
  • Preferred: Security certifications such as Security+, CySA+, GSEC, SSCP, CISSP, CISA, or CISM; experience in ecommerce, retail, manufacturing, distribution, ERP, WMS, SaaS, or payment-related environments.

Benefits

  • Health & Wellness: Comprehensive medical, dental, and vision insurance with competitive premiums. Paid parental leave. Mental health support through an EAP and partial reimbursement on copays, fertility support, and robust wellness programs with annual reimbursements.
  • Work-Life Balance: Many positions with Tyndale offer hybrid onsite + remote work schedules, generous PTO, paid holidays + a floating holiday, and more.
  • Financial Compensation: Competitive salary, 401(k) with matching, and bonus opportunities.
  • Career Growth & Development: Training/certification/tuition reimbursement programs and demonstrated paths for knowledge share and internal promotion opportunity.
  • Culture & Perks: Family-owned values, award winning culture, team-engagement events, casual dress code, company-sponsored charitable events and activities, and an inclusive workplace that values collaboration and integrity.

Qualified candidates are encouraged to apply on our website, www.tyndaleusa.com/careers.

E.O.E

Company Description

The Tyndale Company is a private, consecutive Top Workplace winner in PA and TX and an industry-leading national supplier of arc-rated flame-resistant (FR) clothing to the utilities, oil and gas, transportation, chemical manufacturing, molten metals, and NFPA 70E markets. We’re a family-owned and certified woman-owned (WBE) business providing a retail-style apparel experience to hundreds of thousands of energy workers across the US and Canada. We’re the leading distributor of innovative FRC solutions, and the largest industrial supplier of Carhartt FR, Ariat FR, and Wrangler FR clothing.
