Menlo Security is looking for a Security Engineer to join our team. You will focus on SecOps for the cloud architecture supporting our product, operating across a complex, multi-cloud environment with AWS and GCP, including traditional VMs and modern container-based architectures. Your primary mission will be the aggressive automation of security processes.

What You'll Do

Deploy and manage Cloud Security Posture Management (CSPM) tools to automatically detect and remediate misconfigurations across AWS and GCP.
Implement Cloud Native Application Protection Platform (CNAPP) strategies by shifting left and integrating container image scanning directly into Jenkins and GitLab pipelines.
Deploy and tune Cloud Workload Protection Platform (CWPP) tools to monitor runtime behavior and detect anomalies in both VMs and Kubernetes pods.
Build Automated Response Playbooks to automatically enrich alerts, isolate compromised resources, and dismiss low-fidelity noise without human intervention.
Manage effective permissions across complex multi-cloud IAM structures and standardize secret management workflows.
Collaborate closely with Technical Program Managers (TPMs) during software releases to enforce compliance standards and oversee vulnerability scanning.
Respond to customer inquiries regarding the impact of Common Vulnerabilities and Exposures (CVEs) on our product.

What We're Looking For

Deep architectural understanding of GCP and AWS, with the ability to manage complex IAM policies, standardizing identity, and securing networking layers across both providers.
Proficiency in Python, Go, or Bash to write custom scripts that eliminate toil, build auto-remediation playbooks, and streamline security operations.
Experience developing secure Terraform modules and primitives for the organization to stem from, ensuring security defaults are baked into the architecture and catching misconfigurations before deployment.
Design and maintain shared CI/CD security components (SAST/SBOM/Container Scanning) that are easily adoptable by engineering teams with minimal friction.
Proven experience securing managed (EKS, GKE) and unmanaged container workloads, with a strong emphasis on automating runtime defenses and admission controllers.
The ability to operate pragmatically within a lean team, knowing how to prioritize risk based on runtime context and business impact rather than just chasing scanner outputs.
Proven ability to implement and manage Just-In-Time access policies to replace manual tickets, eliminating standing privileges.
Due to the role’s involvement in federal compliance activities, the candidate is required to be a US citizen.

Nice to Have

Proven experience designing and deploying fully automated security systems using AWS Step Functions or Google Cloud Workflows.
Experience troubleshooting and tuning security agent performance to balance deep visibility with system stability, specifically preventing CPU/Memory exhaustion in high-traffic proxy environments.
Understanding of Linux security primitives, specifically the use of MAC (Mandatory Access Control) like AppArmor or SELinux, DAC (Discretionary Access Control), and Linux kernel capabilities.

Technical Stack

AWS, GCP, Jenkins, GitLab, Terraform
Python, Go, Bash
Kubernetes, EKS, GKE
CSPM, CNAPP, CWPP, SAST, SBOM
Linux

Team & Environment

You will be part of a lean team that values collaboration, pragmatism, and automation.

Benefits & Compensation

Salary range: $105,000 - $185,000
Equity: All employees may be eligible to become Menlo Security shareholders through eligibility for stock-based compensation grants.

Menlo Security is an equal opportunity employer. All aspects of employment will be based on merit, competence, performance, and business needs. We do not discriminate on the basis of race, color, religion, marital status, age, national origin, ancestry, physical or mental disability, medical condition, pregnancy, genetic information, gender, sexual orientation, gender identity or expression, veteran status, or any other status protected under federal, state, or local law.