Staff Cloud Security Engineer

Summary

Join our dynamic team as a Staff Cloud Security Engineer, where you'll play a pivotal role in securing the Temporal cloud environment for our customers. In this position, you'll work closely with our infrastructure teams, software engineering teams, and customers to build security deeply into our platform across multiple clouds. You'll also help shape how we use AI responsibly in both our infrastructure and our engineering processes. We're looking for individuals who are passionate about enabling engineering teams to build and ship securely, serving as trusted security partners across the organization.

What You’ll Do

• Collaborate with product and engineering teams to integrate security principles into the design and architecture of cloud infrastructure across multiple clouds (AWS, GCP, Azure, and others).
• Secure Temporal's core platform components, including the workflow engine, task queue architecture, and worker execution model - identifying attack surfaces unique to durable, stateful distributed systems.
• Conduct threat modeling and risk assessments to identify vulnerabilities and potential attack vectors across our multi-cloud environment, with particular focus on workflow execution, task queue integrity, and client-server trust boundaries.
• Secure Temporal's gRPC-based communication layer, including mTLS certificate management, service mesh configuration, and API authentication.
• Manage cloud security posture using tools such as Wiz, including misconfiguration detection, compliance monitoring, and remediation across all three cloud providers.
• Stay current on emerging cloud security standards and guidance (e.g. CSA Cloud Controls Matrix, CIS Benchmarks) and translate these into actionable internal policy.
• Able to participate in on-call rotation.

What You’ll Bring

• Bachelor’s degree in Computer Science, Cybersecurity, or a related field (or equivalent experience).
• 5+ years in cloud security or a related role.
• Proven partnership with engineering teams, bringing security expertise to infrastructure access and security posture.
• Kubernetes security posture management and auditing, including workload hardening, RBAC design, and admission control.
• Demonstrated experience with multi-tenant security architecture, including data plane isolation, control plane hardening, and cross-tenant data leakage prevention.
• Strong opinions on the use of AI in different areas (assessments, threat models, penetration testing, etc).
• A deep understanding of application architecture and design principles, ability to effectively identify vulnerabilities across multiple programming languages
• Experience with secrets management at scale (e.g. HashiCorp Vault, AWS Secrets Manager) and payload encryption patterns such as codec servers for protecting sensitive workflow data.
• Proficiency in Go.