Lead security architecture and design reviews across applications, infrastructure, and integrations to ensure secure patterns are embedded early in the development lifecycle.
Conduct and coordinate penetration testing, threat modeling, and security reviews for critical services, new features, and third-party integrations.
Design and implement security automation within CI/CD pipelines to ensure secure coding practices and infrastructure policies are enforced at scale.
Partner with infrastructure and DevOps teams to secure cloud platforms (AWS) and improve identity, network, and workload security.
Build security observability and detection capabilities, including security data pipelines, SIEM integrations, and threat intelligence signals.
Think like an attacker—identify systemic weaknesses and design controls that protect against entire classes of attacks, not just individual vulnerabilities.
Work closely with developers to improve security practices through secure architecture guidance, code review support, and developer enablement.
Lead incident response investigations and help build processes for identifying, analyzing, and mitigating security incidents.
Own and evolve the bug bounty program, including triage, response processes, and improvements to vulnerability management workflows.
Develop security standards, playbooks, and training programs that make security practices easier for engineering teams to adopt.
Help define the security roadmap, identifying initiatives that improve both risk posture and operational efficiency.
Requirements
Deep understanding of application security, cloud security, and modern threat landscapes, including common vulnerabilities and attack techniques (OWASP Top 10, MITRE ATT&CK, etc.).
Strong software engineering background with experience writing production-grade code or automation (Python, TypeScript, or similar).
Hands-on experience securing cloud-native infrastructure, especially AWS, including IAM, networking, and containerized workloads.
Experience building or integrating DevSecOps pipelines, including SAST, DAST, IaC scanning, and container security tooling.
Experience designing security telemetry pipelines using tools such as SIEM platforms, observability systems, or data lakes.
Experience running or participating in penetration testing, threat modeling, or architectural security reviews.
Proven ability to collaborate effectively with engineering, DevOps, and product teams to drive secure design decisions.
Excellent communication skills and the ability to clearly explain complex security risks and trade-offs to both technical and non-technical stakeholders.
Strong understanding of SaaS architectures, distributed systems, and internet-facing platforms.
Experience developing security frameworks aligned with CIS benchmarks, NIST, or SOC2 / PCI / HIPAA compliance requirements.
Experience building security detections, threat intelligence pipelines, or runtime protection mechanisms.
Hands-on experience with Kubernetes, container security, and infrastructure-as-code (Terraform, Ansible).
Tech Stack
Ansible
AWS
Cloud
Distributed Systems
Kubernetes
Python
Terraform
TypeScript
Benefits
Competitive Compensation: Competitive salary and equity packages for all employees
Healthcare Plan: Platinum medical, dental, and vision
Free Life Insurance: Including long-term disability & short-term disability
Unlimited PTO: Uncapped vacation days & paid holidays
Family Leave: Maternity & paternity
401(k) Contribution: Assured contributes 3% of your income, even if you don't contribute
WFH Benefits: Lunch on us 2x/week, monthly phone stipend & other home office perks
Health FSAs & HSAs: Pre-tax accounts for out-of-pocket medical expenses
Team Events & Offsites: We're remote, but we regularly get together