Menlo Security is hiring a Senior Security Engineer

We are looking for a forward-thinking Senior Security Engineer to join Menlo Security. You will focus on offensive and defensive security, penetration testing our product features, and auditing the cloud architecture supporting them. You’ll operate across a complex, multi-cloud environment (AWS & GCP) composed of traditional VMs and modern container-based architectures.

What You'll Do

• Partner with another penetration tester to conduct deep-dive tests of our products across multi-cloud environments (AWS & GCP).
• Review IAM policies, service configurations, and cloud-native permission structures for the control plane.
• Execute dynamic testing against web interfaces and API endpoints on the data plane.
• Assess the security posture of hybrid infrastructure mixing containers and Virtual Machines (VMs).
• Triage findings, create reproducible proofs-of-concept (PoCs), and collaborate with product teams to explain risk.
• Actively utilize AI and LLMs (e.g., Gemini, Claude) to automate reconnaissance, generate attack vectors, analyze configurations, and draft reports.
• Monitor bug bounty pipelines, validate external findings, and manage researcher communication.

What We're Looking For

• Deep architectural understanding of GCP and AWS.
• Proven experience auditing and hardening managed container services (GKE Autopilot/Standard, EKS, ECS) and self-hosted workloads (K8s, k3s, OCI-runc).
• Demonstrated ability to integrate AI/LLM tools into the pentesting lifecycle to increase speed and coverage.
• Expert-level knowledge of web application security, OWASP Top 10, modern framework exploitation, and API security. Extensive hands-on experience with Burp Suite Professional, OWASP ZAP, or similar.
• Proficiency in Python, Go, or Bash to write custom scripts and tooling that automate vulnerability discovery and testing workflows.
• Solid grasp of Terraform and cloud-native deployment patterns, with the ability to audit complex HCL files for misconfigurations.
• Ability to write high-quality technical reports that product teams can easily understand and act upon.

Technical Stack

• Cloud: AWS, GCP
• Containers: GKE Autopilot, EKS, ECS, Kubernetes, k3s, OCI-runc
• Infrastructure as Code: Terraform
• Languages/Tooling: Python, Go, Bash, Burp Suite Professional, OWASP ZAP
• AI: Gemini, Claude

Team & Environment

You will partner with other security engineers, including a fellow Penetration Tester and Cloud Security engineers.

Benefits & Compensation

• Salary: 120,000 CAD - 210,000 CAD + equity. All employees may be eligible to become Menlo Security shareholders through stock-based compensation grants.

Menlo Security is an equal opportunity employer. All aspects of employment are based on merit, competence, performance, and business needs. We do not discriminate on the basis of race, color, religion, marital status, age, national origin, ancestry, physical or mental disability, medical condition, pregnancy, genetic information, gender, sexual orientation, gender identity or expression, veteran status, or any other status protected under federal, state, or local law.