
Security Engineer
Posted 1 day ago

This is a fully remote position, open to applicants in the United States.
• Assist in determining whether to establish an internal SIEM or collaborate with an outsourced SOC provider, then implement the most suitable option based on our current company status.
• Develop incident response runbooks and triage workflows, then test them (for instance, by verifying backups for ransomware recovery).
• Be proactive in identifying and addressing security issues.
• Conduct hands-on scanning and hardening of our AWS posture, ensuring IAM policies, SCPs, security group hygiene, GuardDuty, Security Hub, and automated compliance guardrails are evaluated and maintained.
• Manage Cloudflare configuration encompassing WAF rules, DDoS protection, bot management, Zero Trust access, and DLP policies—keeping the rules updated and optimized as the product evolves.
• Integrate Infrastructure as Code (IaC) security scanning tools (such as Checkov, tfsec, or similar) directly into CI/CD pipelines.
• Deploy and oversee endpoint protection for both developer systems and production endpoints, covering EDR, device posture, behavior monitoring (including dynamic scans), DLP, and threat detection.
• Ensure that developer machines (typically Mac-heavy environments within engineering teams) adhere to baseline security standards while minimizing disruptions to workflow.
• Define and enforce endpoint compliance policies, including disk encryption, patch posture, and application controls.
• Secure our build and release pipelines.
• Consider adopting the SLSA framework and implementing supply chain integrity attestations for our catalog and environments.
• Establish dependency vulnerability scanning and manage the end-to-end remediation process for third-party services, libraries, middleware, operating systems, and SaaS.
• Incorporate SAST and SCA tools (such as Semgrep, Snyk, GitHub Advanced Security) into developer workflows.
• Engage in security design reviews and threat modeling for new features.
• Collaborate closely with developers to identify and rectify vulnerabilities using a risk-based approach rather than relying solely on vulnerability aging reports.
• Audit and streamline IAM across AWS, Cloudflare, SaaS applications, and internal tools; implement necessary fixes rather than merely addressing findings.
• Lead SSO consolidation, enforce MFA universally, and ensure least-privilege access is practiced, not just documented.
• Create a lightweight, repeatable access review process that operates on a regular schedule and yields actionable results.
• Oversee joiner/mover/leaver processes to maintain clean entitlements as the team expands.
• Assess and implement a suitable identity governance solution for our current stage—not an enterprise IGA platform, but one that provides control and audit capabilities.
• 3–5 years of hands-on security engineering experience, preferably in a software company or cloud-native setting.
• Proven experience in implementing security tools and controls rather than merely scoping or recommending them.
• Strong working knowledge of AWS security services: IAM, SCPs, GuardDuty, Security Hub, CloudTrail, and associated tools.
• Practical experience with Cloudflare—managing WAF rules, Zero Trust, DLP, or similar; willing to learn unfamiliar technologies.
• Background in deploying and managing endpoint protection (EDR/MDM) in a mixed developer and production environment.
• Familiarity with software supply chain concepts, including SBOMs, dependency management, artifact signing, and SLSA.
• Experience integrating SAST, SCA, or DAST tools into CI/CD pipelines.
• Proficiency in scripting or light automation (Python, Bash, or similar) to create repeatable processes.
• Ability to work autonomously, prioritize effectively, and function without a detailed playbook.
• A proactive individual who is concerned when something is insecure and takes the initiative to address it without waiting for others to act.
• Competitive salary.
• Meaningful equity in a well-funded company.
• Flexible hybrid work environment.