The Security Engineer will lead SecOps for cloud infrastructure supporting the product, operating across AWS and GCP environments that include VMs and containerized workloads. Responsibilities include automating security processes, deploying and tuning cloud security platforms, enforcing security baselines, and enabling fast, secure product delivery.
Responsibilities
- Deploy and oversee Cloud Security Posture Management (CSPM) solutions to identify and correct misconfigurations in AWS and GCP environments.
- Integrate Cloud Native Application Protection Platform (CNAPP) capabilities by embedding container image scanning into Jenkins and GitLab CI/CD pipelines to shift security left.
- Implement and fine-tune Cloud Workload Protection Platform (CWPP) tools to monitor runtime activity and detect anomalies across virtual machines and Kubernetes pods.
- Develop automated response playbooks to enrich security alerts, isolate affected resources, and filter out false positives without manual intervention.
- Oversee identity and access management across multi-cloud IAM systems and standardize secure handling of secrets.
- Work with Technical Program Managers during release cycles to ensure compliance adherence and effective vulnerability scanning.
- Address customer questions about how specific CVEs may affect the product’s security posture.
Requirements
- Strong architectural knowledge of AWS and GCP, including managing complex IAM policies, securing network layers, and standardizing identity practices across both platforms.
- Proficient in Python, Go, or Bash for creating automation scripts that reduce manual effort, enable auto-remediation, and improve security operations efficiency.
- Experience building secure Terraform modules and foundational components that bake security into infrastructure and catch misconfigurations before deployment.
- Design and maintain shared security components in CI/CD pipelines, including SAST, SBOM generation, and container scanning, to ensure broad adoption with minimal friction.
- Demonstrated experience securing both managed (EKS, GKE) and self-managed container environments, with a focus on automating runtime protections and admission controls.
- Ability to operate effectively in a lean team setting by prioritizing risks based on operational context and business impact rather than solely relying on scan results.
- Proven track record implementing and managing Just-In-Time access controls to eliminate standing privileges and reduce attack surface.
- Must be a US citizen due to involvement in federal compliance initiatives.
Nice to Have
- Experience building fully automated security workflows using AWS Step Functions or Google Cloud Workflows.
- History of designing event-driven systems that orchestrate multi-step security processes, such as triggering scans on resource creation, filtering data, and routing high-priority alerts to Slack or Grafana.
- Hands-on experience tuning security agents to maintain system stability and prevent resource exhaustion, especially in high-throughput proxy environments.
- Familiarity with Linux security mechanisms, including Mandatory Access Control (AppArmor, SELinux), Discretionary Access Control, and Linux kernel capabilities.
Tech Stack
AWS, GCP, Jenkins, GitLab, CSPM, CNAPP, CWPP, Terraform, Python, Go, Bash, SAST, SBOM, Container Scanning, EKS, GKE, Kubernetes, IAM, AppArmor, SELinux, Linux kernel capabilities, AWS Step Functions, Google Cloud Workflows, Slack, Grafana
Benefits
- Base salary is included in a competitive total compensation and benefits package.
- Eligibility for stock-based compensation based on company and individual performance.
- Opportunities to become a shareholder.
Compensation
Base salary range is $105,000 - $185,000. Equity: Stock-based compensation grants available based on performance. Total compensation includes base salary and potential equity
Team
Part of a lean security engineering team focused on automation and cloud security.
- Stay Aligned
- Get It Done
- Customer Empathy
- Think Creatively
- Help Each Other Out
Additional Information
- The candidate must be a US citizen due to involvement in federal compliance activities.
- The company is an equal opportunity employer and does not discriminate based on race, color, religion, marital status, age, national origin, ancestry, physical or mental disability, medical condition, pregnancy, genetic information, gender, sexual orientation, gender identity or expression, veteran status, or any other protected category.
- Agencies must have a valid services agreement and be assigned by the Talent team to submit candidates; otherwise, submissions are considered the sole property of the company and no fee will be paid.
- All qualified applicants will be considered for employment without regard to race, sex, color, religion, sexual orientation, gender identity, national origin, protected veteran status, or disability.
