Key skills
AIAWSTerraformCloud Security
About this role
Clay is a company dedicated to helping organizations turn growth ideas into reality through creativity and unique strategies. They are seeking a Security Engineer to join their growing security engineering team, who will be responsible for managing cloud security, application security, and incident response while leveraging AI tools to enhance security measures.
Responsibilities:
- Secure our cloud environment (network policies, container security, secrets management, misconfiguration prevention)
- Manage identity and access policies
- Protect, monitor, and mitigate network-level attacks
- Experience with infrastructure-as-code, audit, and CSPM tools (we currently use Terraform, AWS Config, AWS Security Hub)
- Lead secure coding practices and prevent common vulnerabilities
- Perform architecture- and code-level security reviews, and collaborate hands-on with engineers to build secure software
- Manage and respond to penetration tests, bug bounties, and vulnerability scans (including static and dynamic analysis, dependency checks)
- Develop coding frameworks to standardize best practices for authentication and access control mechanisms
- Create procedures to manage risk of AI “vibe-coded” tools across the organization
- Manage abuse and fraud detection
- Manage monitoring and alerting tools
- Prevent and detect common attack vectors and tactics (e.g., phishing, malware, APTs)
- Hands-on experience with incident response, investigation, and remediation (including use of MDM tools)
Requirements:
- Technically strong software engineers (senior/staff)
- Deep expertise in one of the areas: Cloud Security, Application Security, or Incident Response and Threat Detection
- Knowledge in the other areas of Cloud Security, Application Security, or Incident Response and Threat Detection
- Experience with cloud environment security (network policies, container security, secrets management, misconfiguration prevention)
- Experience managing identity and access policies
- Experience protecting, monitoring, and mitigating network-level attacks
- Experience with infrastructure-as-code, audit, and CSPM tools (e.g., Terraform, AWS Config, AWS Security Hub)
- Experience leading secure coding practices and preventing common vulnerabilities
- Experience performing architecture- and code-level security reviews
- Experience managing and responding to penetration tests, bug bounties, and vulnerability scans (including static and dynamic analysis, dependency checks)
- Experience developing coding frameworks to standardize best practices for authentication and access control mechanisms
- Experience creating procedures to manage risk of AI 'vibe-coded' tools across the organization
- Experience managing abuse and fraud detection
- Experience managing monitoring and alerting tools
- Experience preventing and detecting common attack vectors and tactics (e.g., phishing, malware, APTs)
- Hands-on experience with incident response, investigation, and remediation (including use of MDM tools)