Senior Security Engineer

This is a fully remote position, open to applicants in North America.

📋 Description

• Play a key role in our application security initiative. Collaborate with our SAST, DAST, and SCA tools, assess and prioritize vulnerabilities, and work alongside engineering teams to facilitate remediation efforts. Engage in threat modeling and secure design assessments for new products and services.

• Share the responsibility of incident response on-call. Analyze, contain, and resolve security incidents in collaboration with the team. Assist in enhancing our runbooks, detection capabilities, and post-incident procedures.

• Aid in fortifying our cloud and Kubernetes environment. Contribute to strengthening our security posture across GCP and GKE by focusing on IAM and least-privilege access, secrets management, container security, supply chain security, and IaC guardrails (Terraform).

• Develop detections and automate security processes. Create high-signal detections from cloud, identity, and application telemetry. Automate the repetitive tasks of vulnerability triage, access reviews, SaaS security posture, and questionnaire workflows to enhance team scalability.

• Optimize customer security interactions. Assist in addressing customer security questionnaires and audits, and develop internal tools and a knowledge base to accommodate growing deal volumes.

• Enhance business continuity and disaster recovery (DR). Evaluate threats to continuity, contribute to DR planning, and conduct practical exercises to test these plans.

• Foster a security-oriented culture within engineering. Collaborate on developer training, provide secure coding guidance, and contribute to standards to ensure that the secure path is the straightforward path.

⛳️ Requirements

• Over 5 years of hands-on experience in managing cloud infrastructure and automation.

• Familiarity with achieving SOC2 Type II, ISO 27001, or comparable certifications.

• Proficient in Node.js or Python for backend services within a microservices architecture.

• More than 3 years of experience working with cloud providers, ideally Google Cloud Platform (GCP).

• Extensive experience with cloud security on GCP or AWS, covering IAM, Kubernetes, and Infrastructure as Code (IaC).

• Understanding of asynchronous processing, message queues (e.g., Kafka, Pub/Sub), and event-driven architecture for backend applications.

• A focus on the success of the internal engineering team.

🏝️ Benefits

• The total compensation package includes stock options, benefits, and various additional perks.