Security Engineer

Role Overview

We are seeking a forward-thinking Security Engineer to join our team, focusing on SecOps for the cloud architecture supporting the product. In this role, you will operate across a complex, multi-cloud environment (AWS & GCP) comprising both traditional VMs and modern managed and unmanaged container-based architectures.

As part of a lean team, your primary focus will be on the aggressive automation of security processes. You will be responsible for deploying, integrating, and monitoring Jenkins and GitLab pipelines to ensure that 'Security as Code' scales seamlessly alongside our infrastructure. This includes the strategic deployment and management of CSPM, CNAPP, and CWPP tools to act as a force multiplier for the team.

Your operational cadence must be built on speed and automation over manual triage. Success requires you to continuously tune alerting to ensure high-fidelity signals, reduce alert fatigue, and build automated response workflows. Ultimately, you will conduct rigorous infrastructure reviews to ensure that cloud configurations, IAM policies, and orchestration layers meet our security baselines while maintaining rapid release velocity.

Key Responsibilities

• Multi-Cloud Governance (AWS & GCP): Deploy and manage Cloud Security Posture Management (CSPM) tools to automatically detect and remediate misconfigurations across both providers.
• Container Security Lifecycle: Implement Cloud Native Application Protection Platform (CNAPP) strategies by shifting left and integrating container image scanning directly into Jenkins and GitLab pipelines.
• Workload Protection: Deploy and tune Cloud Workload Protection Platform (CWPP) tools to monitor runtime behavior and detect anomalies in both VMs and Kubernetes pods.
• Advanced Automation & SOAR: Build Automated Response Playbooks to automatically enrich alerts, isolate compromised resources, and dismiss low-fidelity noise without human intervention.
• Infrastructure Review & Identity: Manage effective permissions across complex multi-cloud IAM structures and standardize secret management workflows.
• Release Readiness & Customer Trust: Collaborate closely with Technical Program Managers (TPMs) during software releases to enforce compliance standards and oversee vulnerability scanning. Additionally, respond to customer inquiries regarding the impact of Common Vulnerabilities and Exposures (CVEs) on our product.

Required Skills & Qualifications

• Multi-Cloud Fluency: Deep architectural understanding of GCP and AWS, with the ability to manage complex IAM policies, standardizing identity, and securing networking layers across both providers.
• Security Automation: Proficiency in Python, Go, or Bash to write custom scripts that eliminate toil, build auto-remediation playbooks, and streamline security operations.
• Infrastructure as Code (IaC): Experience developing secure Terraform modules and primitives for the organization to stem from, ensuring security defaults are baked into the architecture and catching misconfigurations before deployment.
• Developer Enablement: Design and maintain shared CI/CD security components (SAST/SBOM/Container Scanning) that are easily adoptable by engineering teams with minimal friction.
• Container Security: Proven experience securing managed (EKS, GKE) and unmanaged container workloads, with a strong emphasis on automating runtime defenses and admission controllers.
• Pragmatic Mindset: The ability to operate effectively in a fast-paced environment, balancing security rigor with business velocity.