Key skills
AWSCloudCyber SecurityGoogle Cloud PlatformJavaScriptKubernetesPythonRustSDLCGoGCPGoogle CloudOktaSAMLSSOCI/CDLeadershipCommunicationCloud Security
About this role
Role Overview
- Define and evolve the security architecture across cloud, application, and infrastructure domains.
- Lead threat modeling and risk analysis for complex systems and new product initiatives.
- Develop and guide implementation of secure design principles across engineering teams.
- Evaluate emerging security technologies and recommend strategic adoption.
- Perform enterprise-level risk assessments and translate findings into prioritized remediation roadmaps.
- Define and improve security policies, standards, and control frameworks.
- Drive alignment of security practices with regulatory and compliance requirements.
- Provide executive-ready summaries of risk posture and mitigation strategy.
- Lead complex security investigations and incident response efforts.
- Conduct root cause analysis and implement systemic improvements to reduce future risk.
- Develop and refine runbooks, playbooks, and response automation.
- Act as an escalation point for high-impact security events.
- Partner with engineering teams to integrate security into the SDLC.
- Define standards for secure code reviews and static/dynamic analysis.
- Improve automation for vulnerability scanning, detection, and remediation.
- Guide cloud security best practices across AWS/GCP environments.
- Act as a trusted advisor to engineering leadership and cross-functional partners.
- Influence technical decisions that balance security, scalability, and delivery speed.
- Foster strong relationships with vendors and external security partners.
- Mentor and guide junior security engineers and engineers outside the security team.
Requirements
- 8+ years of cybersecurity or security engineering experience
- Deep expertise in application security, cloud security (AWS/GCP), and modern DevSecOps practices
- Prior experience with modern javascript frameworks and microservice architecture
- Demonstrated experience designing and implementing scalable security architectures
- Strong understanding of SDLC, CI/CD pipelines, and secure development practices
- Experience conducting enterprise-level risk assessments and incident investigations
- Strong analytical thinking and ability to assess ambiguous risk scenarios
- Excellent written and verbal communication skills, including ability to influence senior stakeholders.
- Ability to operate independently and exercise sound judgment on high-impact security decisions.
- Experience working in regulated environments (HIPAA, SOC2, PCI, etc.) preferred.
- Offensive security experience or strong understanding of adversarial techniques.
- Development experience in any modern programming language is a plus (Python, Rust, Go, etc).
- Experience with SSO platforms (Okta, SAML).
- Experience with SIEM/SOC tooling and observability platforms.
- CISSP or equivalent security certification.
- Cloud security certifications (AWS/GCP) preferred.
- Certified Kubernetes Administrator certification is a plus.
Tech Stack
- AWS
- Cloud
- Cyber Security
- Google Cloud Platform
- JavaScript
- Kubernetes
- Python
- Rust
- SDLC
- Go
Benefits
- medical, dental, and vision insurance
- 401(k) with a company match
- ESPP
- unlimited vacation
- 13 paid holidays
- 72 hours of sick leave
- mental wellness programs
- financial wellness programs
- fertility benefits
- generous parental leave
- pet insurance
- supplemental life insurance for you and your dependents
- company-paid short-term and long-term disability