
Manager, Security Engineering, Cloud & AppSec
Posted 1 day ago

This is a fully remote position, open to applicants in the United States.
• Lead, mentor, and develop the Security Engineering team, which includes both Cloud Security Engineers and Application Security Engineers.
• Establish priorities and operational rhythms for the team, ensuring a balance between strategic security investments, everyday engineering support, and incident response.
• Design and implement security measures across our Cloud environments, including but not limited to AWS, Azure, GCP, Digital Ocean, and OCI. This encompasses IAM, SCPs, VPC security, S3 bucket policies, security groups, key management, and logging.
• Continuously assess and enhance cloud security posture by managing and fine-tuning services such as GuardDuty, Security Hub, AWS WAF, CloudTrail, and Inspector.
• Collaborate with engineering teams to integrate security into the Software Development Life Cycle (SDLC), which includes secure design reviews, threat modeling, architecture review, and CI/CD security automation.
• Oversee the application security program, which includes secure coding practices, vulnerability management, developer enablement, and product security assessments.
• Continuously evaluate and enhance application security tools by managing and tuning services such as SonarQube, Dependency Track, ZAproxy, Trufflehog, and Trivy.
• Develop and maintain GitLab CI/CD pipelines and tools for automated security testing and scanning of cloud resources and applications.
• Perform threat modeling, architecture reviews, and risk assessments for cloud deployments, product features, and new systems.
• Implement security monitoring, secure system hardening, and detection controls for malicious activities across AWS and application environments.
• Respond promptly to new and emerging threats and vulnerabilities; assist in investigations, post-mortem analyses, root cause identification, and preventive measures.
• Define and enforce best practices for identity and access management, including least privilege, federated identity, role-based access control, and automated remediation.
• Develop and maintain security policies, standards, and procedures that align with frameworks such as SOC 2, GDPR, ISO 27001, FedRAMP, NIST, CIS, and MITRE ATT&CK.
• Create metrics, reports, and risk narratives that effectively communicate security posture, trends, and priorities to business owners and leadership.
• Assess and recommend new tools, techniques, and controls to enhance the security posture of our cloud and application environments.
• Proficient in AWS security services, Terraform, GitLab, and contemporary CI/CD security practices.
• In-depth understanding of AWS security architecture, IAM, cloud posture management, data security principles, and secure SDLC methodologies.
• Experience leading or closely collaborating with Application Security initiatives, including threat modeling, vulnerability management, and security reviews.
• Knowledgeable in compliance standards and security frameworks, such as SOC 2, GDPR, ISO 27001, FedRAMP, NIST, CIS, and MITRE ATT&CK.
• Strong written and verbal communication skills, capable of explaining technical risks and trade-offs to both technical and non-technical stakeholders.
• Ability to work independently as well as collaboratively within a team, demonstrating a strong sense of ownership and accountability.
• Experience developing metrics and reports that convey risk and security posture to leadership.
• Familiarity with Data Loss Prevention (DLP) concepts, including data classification, identification, and protection.
• Bachelor’s degree in Computer Science, Cybersecurity, Information Systems, or a related field, or equivalent practical experience.
• Over 5 years of experience in cybersecurity.
• More than 5 years of experience securing AWS environments.
• Over 5 years of experience securing cloud-native systems and modern software delivery pipelines.
• Previous experience leading security engineers or serving as a technical lead in a security engineering capacity.
• Health insurance
• Vision insurance
• Dental insurance
• Flexible vacation policy
• Generous parental leave
• Equity package in the form of stock options
• Career development opportunities
• Collaborative environment that fosters creativity