Company Overview
We're a technology-first organization building and operating modern, cloud-native products at scale. Security is a core product requirement, so our Security Engineering team works closely with Engineering, Product, and Cloud Platform teams to ensure we ship fast and safely.
This role is strategically important: you'll directly influence how we design, build, test, deploy, and monitor software by reducing risk, improving customer trust, and helping the business move faster with confidence.
Key Responsibilities
- Perform hands-on security assessments through manual and automated testing.
- Partner with engineering teams to remediate findings with clear, actionable guidance and validated fixes.
- Secure cloud architectures for AWS/Azure through security controls such as IAM guardrails, least privilege, conditional access patterns, and role hygiene.
- Ensure compliance alignment with ISO 27002 and NIST frameworks via technical controls mapping and audit support.
- Assess and harden cloud services and configurations; support cloud incident response investigations when needed.
- Mature the vulnerability management program across application, infrastructure, and cloud layers, with risk-based prioritization using CVSS, exploitability context, business criticality, and exposure.
- Develop detection strategies leveraging MITRE ATT&CK mapping, attacker tradecraft, and telemetry coverage gaps.
- Define continuous monitoring and incident response workflows for application and cloud events (alerts, triage, containment, and lessons learned).
- Collaborate with SOC/IR stakeholders to improve signal quality and reduce false positives through tuning and correlation.
- Enhance security in the current CI/CD pipeline with shift-left and shift-right controls (SAST, SCA, secrets scanning, IaC scanning, DAST, API testing, container scanning).
- Establish measurable KPIs (MTTR for vulnerabilities, coverage, SLA adherence, release risk scoring).
Required Technical Skills
- Application security expertise: OWASP Top 10, API security, threat modeling, secure code review practices.
- Cloud security experience in AWS and/or Azure, including IAM, network controls, encryption, logging/monitoring, and secure architecture patterns.
- Familiarity with ISO 27002 and NIST control families and how they translate to technical implementations.
- Ability to automate with Python and/or Bash.
- Experience with modern engineering stacks and deployment models: microservices, APIs, containers, Kubernetes concepts.
- Working knowledge of containerization/orchestration and supply-chain risks (images, registries, pipeline integrity).
- Tooling experience (or ability to ramp quickly): Burp Suite, and exposure to application security platforms such as ArmorCode (or equivalent ASPM/AppSec management).
Nice-to-Have / Preferred Skills
- Experience building security programs at scale (standards, patterns, enablement, and governance that engineers actually adopt).
- Experience in incident response in complex environments.
- Experience with security testing automation at enterprise scale (coverage strategy, quality gates, exception workflows).
- Knowledge of common cloud attack paths and defense-in-depth controls (identity abuse, metadata attacks, SSRF to cloud creds, supply chain).
- Experience supporting audits and evidence gathering in a pragmatic, engineering-first way.
Preferred Certifications (Nice to Have)
- OSCP (highly relevant), CISSP
- GIAC: GDAT, GPEN, GEVA, GCTD, GCDA, GWASP
- Burp Suite Certified Practitioner (BSCP)
Soft Skills
- Strong analytical mindset: you can identify root causes and propose durable fixes, not just findings.
- Excellent communication: can write clear reports, explain risk in business terms, and guide developers to solutions.
- Collaboration-first: works effectively with Engineering, Cloud Platform, SOC/IR, and Compliance/Audit.
- Proactive and curious: stays current on emerging threats, vulnerabilities, and exploitation techniques.
Professional Development
- Dedicated budget and time for training, certifications, labs, and tools.
- Opportunities to lead security initiatives, influence architecture, and ship meaningful improvements.
- Support for conference participation, workshops, and community engagement.
Compensation and Benefits
- Competitive salary aligned to senior-level expectations.
- Comprehensive benefits package.
Note to Candidates
This role requires a proactive, builder mindset. You'll be expected to combine hands-on technical security work (testing, review, architecture) with practical enablement (automation, standards, coaching) to continuously raise the security bar while supporting rapid product delivery.