Staff Cyber Resilience Engineer

This is a fully remote position, open to applicants in Colorado.

📋 Description

• Take ownership of our Recovery Architecture.

• Design and construct an Isolated Recovery Environment — a secure AWS account featuring immutable vaults that disrupt the attacker’s kill chain before it can access our data.

• Conduct threat modeling of our environment, deeply understanding cloud-native attack patterns such as IAM privilege escalation, backup deletion, ransomware persistence, and lateral movement across accounts.

• Assess and continuously enhance backup configurations to guarantee recoverability, rather than mere existence.

• Standardize and Automate Infrastructure.

• Spearhead our transition to 100% Infrastructure as Code. Every asset (VPCs, IAM roles, security groups) must be defined in Terraform to enable the complete redeployment of the stack into a pristine account via an automated pipeline.

• Develop automated recovery workflows capable of dismantling a compromised environment and initializing a new, hardened one from verified code and clean data.

• Create and maintain executable recovery playbooks that outline the precise API calls and CLI commands required to restore the application — tested, versioned, and runnable, rather than static documents.

• Validate, Test, and Lead Exercises.

• Generate automated scripts (using Python or Go) to perform smoke tests on recovered data and confirm integrity after restoration.

• Facilitate regular hands-on recovery drills that simulate the complete loss of a critical environment and its full recovery into a secondary clean account. Manage the after-action process and promote improvements.

• Drive Engineering Standards.

• Serve as the resilience authority for the engineering organization — influencing high-availability architecture decisions, participating in design reviews, and elevating our approach to recoverability.

• Collaborate with the Site Reliability Engineering team on multi-region deployments and high-availability design, ensuring cyber resilience is integrated into architecture from the outset.

• Advocate for Infrastructure as Code and immutable infrastructure practices across teams, extending beyond your own workstream.

⛳️ Requirements

• Over 8 years of experience in complex cloud environments (any of AWS/GCP/Azure), with at least 3 years specifically in AWS. Experience with EKS/Kubernetes is highly beneficial.

• Proficient in Terraform. You should be capable of modularizing complex environments to be environment-agnostic.

• Practical knowledge of the Secure Vault pattern: safeguarding data in a separate, highly restricted AWS account with stringent network controls.

• Advanced shell scripting skills and proficiency in either Python or Go to automate restoration tasks that are not covered by native AWS tools.

• Familiarity with CI/CD tools (like Scalr, GitHub Actions, or equivalents) to facilitate widespread use of recovery pipelines throughout the organization.

• Demonstrated ability to engineer and automate comprehensive restoration workflows.

🏝️ Benefits

• 401(k) match

• Medical, dental, and vision insurance

• Life and disability insurance

• Generous paid time off, including vacation, sick leave, floating and fixed holidays, maternity and bonding leave

• Employee Assistance Program (EAP) and other wellbeing resources

• And much more.