Support and execute security incident response activities, including triage, investigation support, containment coordination, lessons learned, and corrective action tracking
Develop and maintain incident response playbooks, runbooks, and escalation paths; participate in and help run tabletop exercises
Operate and improve enterprise security controls and tooling (e.g., endpoint protection/EDR, SaaS security controls, email security, access control workflows), ensuring reliable configuration and ongoing effectiveness
Partner with Observability Engineering to ensure security-relevant telemetry is available for investigations and response (without owning SIEM/telemetry platform administration)
Partner with Vulnerability Management to drive remediation execution, validate fixes where appropriate, and reduce repeat findings through hardening and control improvements
Coordinate security investigations with DevOps, IT, and Engineering teams; track actions through to closure and document outcomes
Support access governance and least-privilege initiatives, including periodic access reviews, privileged access workflows, and secure authentication controls
Create and maintain security documentation for processes, controls, and operational procedures to enable consistency across teams and geographies
Assist with security control evidence and operational readiness activities for compliance frameworks (e.g., SOC 2, ISO 27001, FedRAMP/GovRAMP, NIST 800-53) in partnership with Compliance and platform teams
Identify opportunities for automation to improve security operations efficiency (ticketing workflows, control checks, integrations, scripting)
Requirements
5+ years of experience in Information Security, Security Engineering, or Security Operations roles within a SaaS or cloud-centric environment
Hands-on experience supporting incident response and investigations, including building/using runbooks and participating in post-incident reviews
Experience implementing and operating security controls and security tooling across endpoints, SaaS applications, and cloud environments
Working knowledge of cloud security fundamentals (AWS, Azure, or GCP), identity/access concepts (SSO, MFA, RBAC), and modern security best practices
Ability to collaborate effectively with technical teams (DevOps, Engineering, Observability, AppSec) to drive remediation and measurable risk reduction
Familiarity with vulnerability and risk concepts (CVEs, prioritization, remediation tracking), even if not the program owner
Strong documentation habits and an operational mindset (clear processes, repeatability, auditability)
Due to FedRAMP requirements, candidates must be a U.S. Person.
Tech Stack
AWS
Azure
Cloud
Google Cloud Platform
Benefits
Medical, Dental & Vision (inclusive of domestic partnerships)
Employer-Paid Life Insurance & Employee/Spouse/Child Supplemental Life
Voluntary Short/Long Term Disability Insurance
401K (Roth/Traditional)
A generous PTO plan that celebrates your commitment and seniority (including paid Bereavement/Jury Duty, etc.)