Job Description:
• Lead, coach, and grow the Security Engineering team, including both Cloud Security Engineers and Application Security Engineers
• Set priorities and operating rhythms for the team, balancing strategic security investments, day-to-day engineering support, and incident response
• Design and implement security controls across our Cloud environments, such as but not limited to: AWS, Azure, GCP, Digital Ocean, OCI, etc., including IAM, SCPs, VPC security, S3 bucket policies, security groups, key management, and logging
• Continuously monitor and improve cloud posture by managing and tuning services such as GuardDuty, Security Hub, AWS WAF, CloudTrail, and Inspector
• Partner with engineering teams to embed security into the SDLC, including secure design reviews, threat modeling, architecture review, and CI/CD security automation
• Lead the application security program, including secure coding practices, vulnerability management, developer enablement, and product security reviews
• Continuously monitor and improve application security tooling by managing and tuning services such as SonarQube, Dependency Track, ZAproxy, Trufflehog, Trivy
• Build and maintain GitLab CI/CD pipelines and tooling for automated security testing and scanning of cloud resources and applications
• Conduct threat modeling, architecture reviews, and risk assessments for cloud deployments, product features, and new systems
• Implement security monitoring, secure systems hardening, and detective controls for malicious activity across AWS and application environments
• Respond quickly to new and emerging threats and vulnerabilities; support investigations, post-mortem analysis, root cause identification, and preventive actions
• Define and enforce identity and access management best practices, including least privilege, federated identity, role-based access control, and automated remediation
• Develop and maintain security policies, standards, and procedures aligned to frameworks such as SOC 2, GDPR, ISO 27001, FedRAMP, NIST, CIS, and MITRE ATT&CK
• Create metrics, reporting, and risk narratives that communicate security posture, trends, and priorities to business owners and leadership
• Evaluate and recommend new tools, techniques, and controls to improve the security posture of our cloud and application environments
Requirements:
• Must be proficient in AWS security services, Terraform, GitLab, and modern CI/CD security practices
• Must have a deep understanding of AWS security architecture, IAM, cloud posture management, data security principles, and secure SDLC practices
• Must have experience leading or closely partnering with Application Security efforts, including threat modeling, vulnerability management, and security reviews
• Must be knowledgeable in compliance standards and security frameworks, including SOC 2, GDPR, ISO 27001, FedRAMP, NIST, CIS, and MITRE ATT&CK
• Must have strong written and verbal communication skills, with the ability to explain technical risks and tradeoffs to both technical and non-technical stakeholders
• Must be able to work independently and as part of a team, with a strong sense of ownership and accountability
• Must have experience developing metrics and reporting that communicate risk and security posture to leadership
• Must have familiarity with DLP concepts, including data classification, identification, and protection
• Bachelor’s degree in Computer Science, Cybersecurity, Information Systems, or a related field, or equivalent practical experience
• 5+ years of experience in cybersecurity
• 5+ years of experience securing AWS environments
• 5+ years of experience securing cloud-native systems and modern software delivery pipelines
• Prior experience leading security engineers or serving as a technical lead in a security engineering function
Benefits:
• Health insurance
• Vision insurance
• Dental insurance
• Flexible vacation policy
• Generous parental leave
• Equity package in the form of stock options
• Career development opportunities
• Collaborative environment that encourages creativity