Key skills
AIAWSAzureGCPKubernetesIAMOktaSaaSSDLCCloud Security
About this role
XBOW is redefining the future of cybersecurity by building the world's first autonomous pentester powered by AI. They are seeking an experienced Security Engineer to secure their product, cloud, and platform while collaborating with engineering and platform teams to enhance security measures and improve incident response.
Responsibilities:
- Design and implement security controls across cloud, infrastructure, and internal platforms
- Partner with engineering to harden cloud architecture, IAM, and infrastructure
- Own product security reviews for new features, services, and major architecture changes
- Drive threat modeling and secure design decisions early in the SDLC
- Operate and improve AppSec workflows (SAST, SCA, secrets scanning, IaC scanning)
- Triage vulnerabilities across application, container, and cloud findings, and drive remediation with risk-based SLAs
- Define and run the vulnerability management lifecycle: intake, prioritization, exception handling, validation, and reporting
- Improve CNAPP coverage and finding quality across cloud accounts and workloads
- Improve Kubernetes and container security posture
- Monitor, investigate, and respond to security events and incidents
- Build automation to improve security operations, access workflows, and incident response
- Support the compliance function by implementing and maintaining technical controls for SOC 2 and ISO 27001, and by documenting security processes, playbooks, and policies that scale with the company
- Support the IT team with timezone coverage for core operational security tasks, including SaaS administration (Okta, Google Workspace, 1Password), onboarding/offboarding workflows, and endpoint access management (MDM, VPN, and secure device provisioning) for a fully remote team
Requirements:
- 5+ years of experience in security engineering, product security, cloud/platform security, or closely related roles
- Strong hands-on experience securing cloud environments (AWS and Azure)
- Comfortable owning technical security problems end-to-end in fast-moving environments
- Hands-on experience with product/application security in engineering environments (secure design reviews, threat modeling, code-level risk discussions)
- Experience operating AppSec tooling and processes at scale (SAST, SCA, secrets, IaC scanning)
- Strong vulnerability triage and remediation management experience, including risk-based prioritization and SLAs
- Experience with CNAPP (or equivalent cloud security platforms) and tuning findings for engineering actionability
- Working knowledge of Kubernetes/container security in production systems
- Ability to partner with developers and platform teams to ship secure defaults without blocking delivery
- Comfortable writing scripts and automations to improve security reliability and scale
- Experience in incident response, investigation, and post-incident hardening in cloud-native environments
- Familiar with SOC 2 requirements and comfortable implementing technical controls to support compliance
- Security-minded, detail-oriented, and a proactive communicator in remote-first teams
- Multi-cloud experience beyond AWS (e.g., Azure/GCP/OCI)
- Offensive security/pentesting background and ability to convert findings into durable engineering fixes
- Experience scaling security at a startup from early stage to audit-ready maturity
- Relevant security certifications (e.g., OSCP, OSCE, AWS Security Specialty, Kubernetes security certs)
- Proficient with identity and access systems (Okta, Google Workspace, cloud IAM) and access lifecycle management