Security Engineer; Blue Team

Staff Security Engineer (Blue Team) at Olo

Reporting to the Security Engineering Director, the Staff Security Engineer will act as the technical lead of the Olo Security Blue Team, designing and maintaining security defenses that protect our clients and their customers while keeping our systems operational.

Remote work is available from anywhere in the U.S., in addition to Olo headquarters in NYC.

• Guide and coach Olo’s Blue Team on Information Protection, Incident Detection & Response, and Service Delivery.
• Provide strategic and technical oversight of the team and overall program.
• Lead a team of security engineers and analysts who hunt, detect, and respond to internal and external threats.
• Collaborate with customers and partners to strengthen their security posture.
• Drive continuous optimizations by implementing new technologies, retiring legacy tools, addressing evolving threats, scaling practices, and automating security activities.
• Identify and mitigate vulnerabilities and risks by providing actionable guidance to product teams.

• Lead Olo’s Information Protection program—including selection, testing, implementation, and maintenance of security tools and services, security awareness, and service provider management.
• Oversee the Vulnerability Management program, including assessments, risk scoring, and resolution.
• Direct the Threat Hunting program to detect and mitigate advanced threats.
• Manage non‑event‑driven security reviews, such as concept reviews, design reviews, patching, firewall rule changes, and system configuration checks.
• Apply web application and API security principles (zero trust, RBAC, authentication, authorization, auditing, rate limiting, and challenges) to protect our cloud‑based services.

• Oversee the Incident Detection & Response program—including ownership of processes, tools, services, and continuous improvement.
• Coordinate detection and response across all incident phases.
• Ensure incident reports are accurate, detailed, and relevant.
• Monitor, detect, and remediate misconfigurations and security risks across our cloud environments.
• Participate in a 24/7 on‑call rotation.

• Oversee the Security Services program, covering support requests, risk assessments, vendor assessments, PCI and SOC audit support, and service provider management.

• 5+ years of Security Engineering, Security Operations, or Security Architecture experience.
• Preferred certifications: CISSP, GCIH or similar.
• Experience acting as a technical lead for distributed teams, primarily remote.
• Compliance experience with PCI‑DSS and other regulatory standards.
• In-depth knowledge of attacker tactics, techniques, and procedures.
• Understanding of information technology, evolving threats, incident response, and cybersecurity standards.
• Experience leading incident response, remediation, and mitigation activities, including status updates and reporting.
• Ability to analyze security events and distinguish legitimate incidents from non‑incidents.
• Strong grasp of operating system, networking, and application concepts.
• Experience hardening Windows, macOS, Linux, containers, and Kubernetes.
• Familiarity with AWS security best practices and Infrastructure‑as‑Code.
• Hands‑on experience deploying and maintaining security technologies such as Access Proxies, API Gateways, Anti‑Malware, Application Control, Cloud Security Posture, Data Leak Prevention, Endpoint Detection & Response, IDS, File Integrity Monitoring, Firewalls, MDM, MFA, SIEM, Static Analysis, WAF, and Zero Trust.
• Adept at collaborating with Product & Engineering, Legal, People & Culture, Finance, GTM, auditors, and customers.
• Availability to work during critical incidents and support coverage requirements.
• Strong written and verbal communication skills in English.

Olo is a leading restaurant technology provider with ordering, payment, and guest engagement solutions that help brands increase orders, streamline operations, and improve the guest experience. Each day, Olo processes millions of orders on its open SaaS platform, gathering the right data from each touchpoint into a single…