Real is hiring an Application and Cloud Security Engineer

Real is looking for an Application and Cloud Security Engineer to lead the integration of security best practices into our software development and infrastructure operations. You will work closely with engineering teams to embed security into CI/CD pipelines, harden Kubernetes clusters, and safeguard our applications, cloud services, and containerized environments. This role focuses on proactively identifying and mitigating security risks to ensure the resilience and integrity of our critical systems while enabling secure, scalable growth.

What You'll Do

• Integrate application security throughout the software development lifecycle, including secure design, threat modeling, and code reviews.
• Automate SAST/DAST/IAST tools in CI/CD pipelines and triage identified vulnerabilities.
• Support bug bounty programs, manage security releases, and participate in secure architecture reviews.
• Design and implement cloud security controls in AWS, GCP, or Azure.
• Build IAM policies, encryption strategies, logging, and network segmentation.
• Perform cloud vulnerability assessments and penetration tests, integrating Infrastructure as Code validation.
• Harden Kubernetes clusters, including nodes, control plane, network policies, and CNI.
• Audit Kubernetes deployments against benchmarks like CIS.
• Implement RBAC, pod security policies, security contexts, and mesh security (e.g., mTLS).
• Integrate security tools like Trivy, Falco, and kube-bench, and manage supply-chain risks using admission controllers/webhooks.
• Develop internal security tooling and scripts.
• Assist with incident response involving applications, cloud, or Kubernetes environments.
• Enhance metrics and tooling for vulnerability tracking and security posture.

What We're Looking For

• Bachelor’s degree in Computer Science, Engineering, or an equivalent field.
• 3+ years of experience in Application Security, Cloud Security, or Kubernetes security.
• Hands-on experience with SAST/DAST tools, CI/CD pipelines, and cloud-native security.
• Proficiency with Kubernetes security best practices for pods, policies, and RBAC.
• Familiarity with cloud platforms like AWS, Azure, or GCP, especially for securing container workloads.
• Experience with secure coding and threat modeling using frameworks like OWASP, NIST, or CSA.
• Proficiency in scripting languages like Python, Go, or Bash.
• Knowledge of the Kubernetes ecosystem, including Helm, Terraform, Prometheus, and service mesh tools.
• Experience with vulnerability scanners such as Trivy, kube-bench, and Falco.
• Familiarity with cloud-native monitoring and CSPM/CNAPP tools.
• Strong communication skills with the ability to mentor development and infrastructure teams.
• Analytical mindset with a security-first approach, focusing on detection, prevention, and response.
• Ability to distill complex security issues for both technical and executive audiences.
• A genuine alignment with our Company Core Values.

Technical Stack

• Cloud: AWS, GCP, Azure
• Orchestration: Kubernetes, Helm, Terraform
• Monitoring: Prometheus
• Languages: Python, Go, Bash
• Security Tools: Trivy, Falco, kube-bench
• Frameworks: OWASP, NIST, CSA

Team & Environment

You will join our IT team, working collaboratively to secure our technology ecosystem.

Work Mode

This position is based locally within the United States.

Real is proud to be an equal opportunity workplace employer. We are committed to equal employment opportunities regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity, or Veteran status.