Senior Security Engineer

We’re a technology-first organization building and operating modern, cloud-native products urity is a core product requirement, so our Security Engineering team works closely with Engineering, Product, and Cloud Platform teams to ensure we ship fast and safely.

This role is strategically important: you’ll directly influence how we design, build, test, deploy, and monitor software by reducing risk, improving customer trust, and helping the business move faster with confidence.

• Perform hands‑on security assessments through manual and automated testing.
• Partner with engineering teams to remediate findings with clear, actionable guidance and validated fixes.
• Secure cloud architectures for AWS/Azure through security controls such as IAM guardrails, least privilege, conditional access patterns, and role hygiene.
• Ensure compliance alignment with ISO 27002 and NIST frameworks via technical controls mapping and audit support.
• Assess and harden cloud services and configurations; support cloud incident response investigations when needed.
• Mature the vulnerability management program across application, infrastructure, and cloud layers: risk‑based prioritization using CVSS, exploitability context, business criticality, and exposure.
• Develop detection strategies leveraging MITRE ATT&CK mapping, attacker tradecraft, and telemetry coverage gaps.
• Define continuous monitoring and incident response workflows for application and cloud events (alerts, triage, containment, and lessons learned).
• Collaborate with SOC/IR stakeholders to improve signal quality and reduce false positives through tuning and correlation.
• Enhance security in current CICD with “shift‑left” and “shift‑right” controls (SAST, SCA, secrets scanning, IaC scanning, DAST, API testing, container scanning).
• Establish measurable KPIs (MTTR for vulnerabilities, coverage, SLA adherence, release risk scoring).

• Application security expertise: OWASP Top 10, API security, threat modeling, secure code review practices.
• Cloud security experience in AWS and/or Azure, including IAM, network controls, encryption, logging/monitoring, and secure architecture patterns.
• Familiarity with ISO 27002 and NIST control families and how they translate to technical implementations.
• Ability to automate with Python and/or Bash.
• Experience with modern engineering stacks and deployment models: microservices, APIs, containers, Kubernetes concepts.
• Working knowledge of containerization/orchestration and supply‑chain risks (images, registries, pipeline integrity).
• Tooling experience (or ability to ramp quickly):
• Burp Suite, and exposure to application security platforms such as Armor Code (or equivalent ASPM/App Sec management).

• Experience building security programs at scale (standards, patterns, enablement, and governance that engineers actually adopt).
• Experience in incident response in complex environments.
• Experience with security testing automation at enterprise scale (coverage strategy, quality gates, exception workflows).
• Knowledge of common cloud attack paths and defense‑in‑depth controls (identity abuse, metadata attacks, SSRF to cloud creds, supply chain).
• Experience supporting audits and evidence gathering in a pragmatic, engineering‑first way.

• OSCP (highly relevant), CISSP
• GIAC: GDAT, GPEN, GEVA, GCTD, GCDA, GWASP

• Strong analytical mindset: you can identify root causes and propose durable fixes, not just findings.
• Excellent communication: can write clear reports, explain risk in business terms, and guide developers to solutions.
• Collaboration‑first: works effectively with Engineering, Cloud Platform, SOC/IR, and Compliance/Audit.
• Proactive and curious: stays current on emerging threats, vulnerabilities, and exploitation techniques.

• Dedicated budget and time for training, certifications, labs, and tools.
• Opportunities to lead security initiatives, influence architecture, and ship meaningful improvements.
• Support for conference participation, workshops, and community engagement.

• Competitive salary aligned to senior‑level expectations

This role requires a proactive, builder mindset. You’ll be expected to combine hands‑on technical security work (testing, review, architecture) with practical enablement (automation, standards, coaching) to continuously raise the security bar while supporting rapid product delivery.