
Staff Cloud Security Engineer
Posted Jun 21

This is a fully remote position, open to applicants in United States.
• Collaborate with product and engineering teams to embed security principles into the design and architecture of cloud infrastructures across various platforms (AWS, GCP, Azure, and others).
• Secure Temporal's essential platform components, including the workflow engine, task queue architecture, and worker execution model, by identifying attack surfaces that are unique to durable, stateful distributed systems.
• Perform threat modeling and risk assessments to pinpoint vulnerabilities and potential attack vectors within our multi-cloud environment, with a specific emphasis on workflow execution, task queue integrity, and client-server trust boundaries.
• Safeguard Temporal's gRPC-based communication layer, which includes mTLS certificate management, service mesh configuration, and API authentication.
• Oversee cloud security posture using tools such as Wiz, focusing on misconfiguration detection, compliance monitoring, and remediation across all three cloud providers.
• Stay updated on emerging cloud security standards and guidelines (e.g., CSA Cloud Controls Matrix, CIS Benchmarks) and translate these into actionable internal policies.
• Participate in on-call rotation as needed.

• Bachelor’s degree in Computer Science, Cybersecurity, or a related field (or equivalent experience).
• Over 5 years of experience in cloud security or a related role.
• Proven collaboration with engineering teams, providing security expertise related to infrastructure access and security posture.
• Experience in Kubernetes security posture management and auditing, including workload hardening, RBAC design, and admission control.
• Demonstrated expertise in multi-tenant security architecture, focusing on data plane isolation, control plane hardening, and prevention of cross-tenant data leakage.
• Strong opinions on the application of AI in various areas (assessments, threat models, penetration testing, etc.).
• A comprehensive understanding of application architecture and design principles, with the ability to effectively identify vulnerabilities across multiple programming languages.
• Experience with secrets management at scale (e.g., HashiCorp Vault, AWS Secrets Manager) and payload encryption patterns such as codec servers for safeguarding sensitive workflow data.
• Proficient in Go; familiarity with Python is a plus. Go is the primary server and SDK language for Temporal.
• Strong knowledge of gRPC security, mTLS, and service mesh architectures (Istio, Envoy).
• Excellent communication skills, with the ability to articulate complex security concepts to non-technical stakeholders.
• Strong collaboration and communication abilities.

• Unlimited PTO, 12 Holidays + 2 Floating Holidays
• 100% Premium Coverage for Medical, Dental, and Vision
• AD&D, Long-Term & Short-Term Disability, and Life Insurance (Standard & Supplemental Options Available)
• Empower 401K Plan
• Additional perks for Learning & Development, Lifestyle Spending, In-Home Office Setup, Professional Memberships, WFH Meals, Internet Stipend, and more!