Elios Talent is seeking a Senior Security Engineer to take ownership of the security posture across a complex, high-scale platform environment. This role involves partnering with engineering, data, and product teams to design secure systems and implement security practices in cloud-native architectures.
Responsibilities:
- Own and operate the platform’s security posture end-to-end across core controls including Vault, service mesh security (mTLS), network policies, and policy-as-code frameworks
- Design and implement zero-trust security architecture across services, infrastructure, and data layers
- Conduct threat modeling (STRIDE) for new services and features, documenting risks and mitigation strategies
- Implement and manage supply chain security practices including container scanning, image signing, SBOM generation, and dependency management
- Define and enforce identity and access controls (SAML, OIDC, OAuth, JWT) and integrate with enterprise identity providers
- Establish and enforce data security controls including classification, masking, tokenization, and API-level protections
- Own runtime detection and response, including alerting, SIEM integration, and signal optimization
- Lead security incident response, including containment, remediation, and post-incident analysis
- Design and enforce security controls for AI/LLM systems, including egress controls, prompt injection mitigation, and data protection
- Maintain security runbooks and lead regular internal security reviews
Requirements:
- 6+ years of experience in security engineering, platform security, or DevOps/SRE with a strong security focus
- Hands-on experience securing Kubernetes-based production environments (workload isolation, network policies, admission controls)
- Experience with secrets management and identity systems (Vault, PKI, SAML/OIDC, enterprise IdPs)
- Strong background in supply chain security and integrating security controls into CI/CD pipelines
- Experience contributing to or leading security incident response and remediation efforts
- Ability to work cross-functionally and influence engineering teams without blocking delivery
- Zero-trust architecture, defense-in-depth, and least-privilege design
- Kubernetes security, policy-as-code (OPA/Gatekeeper, Kyverno), and network policy frameworks
- Service mesh security (Istio, mTLS, authorization policies)
- Supply chain tooling (Trivy, Cosign/Sigstore, Syft, Dependabot/Renovate)
- Identity and access protocols (SAML 2.0, OIDC, OAuth 2.0, JWT)
- Data security practices including PII protection, tokenization, and classification frameworks
- Runtime security and monitoring (Falco, SIEM integration)
- Scripting and automation (Python, Bash)
- Familiarity with compliance frameworks such as SOC 2, ISO 27001, and GDPR
- Experience designing security controls for AI systems, including prompt injection mitigation and data exfiltration prevention
- Understanding of risks in agent-based systems and LLM-integrated workflows
- Experience leveraging AI tools for threat modeling, policy generation, and vulnerability analysis
- Security-first mindset with a focus on enabling, not blocking, delivery
- Strong systems thinking across infrastructure, applications, and data
- Pragmatic approach to risk management and control implementation
- Ability to communicate complex security risks in clear, business-impact terms