DISQO is building the world’s most trusted ad measurement platform, and they are seeking a Senior Security Engineer to take ownership of their comprehensive security posture. This role involves leading day-to-day security operations, managing AWS cloud and endpoint security, and driving the implementation of Zero Trust principles across their infrastructure.

Responsibilities:
- Own the security posture of our AWS environment: IAM, networking, encryption, KMS, secrets management, and multi-account governance
- Operate AWS-native security services: GuardDuty, Security Hub, Config, IAM Access Analyzer, Macie, Inspector, CloudTrail, and Control Tower
- Design and review secure-by-default patterns for new services. Provide security guidance on Terraform, CloudFormation, and CDK changes
- Drive identity, network, and data perimeter strategy. Reduce blast radius and enforce least privilege across accounts
- Harden container, serverless, and Kubernetes (EKS) workloads where they touch sensitive data
- Run day-to-day SecOps: detection engineering, alert triage, threat hunting, and incident response
- Tune and operate the SIEM, SOAR, and EDR stack (e.g., CrowdStrike). Author and maintain detections as code
- Drive the implementation of Zero Trust principles and manage endpoint security for employee devices, including local admin removal for employees handling customer data
- Lead incident response end-to-end: containment, forensics, root cause, customer comms, and blameless postmortems
- Run vulnerability management and patching cadence; track and drive remediation SLAs
- Build runbooks, on-call playbooks, and tabletop exercises that keep the team sharp
- Use AI coding agents (Claude Code, Cursor, Copilot, or similar) daily to accelerate security engineering work
- Build automations and small services that turn manual security work into repeatable, code-defined workflows
- Apply AI to scale Tier-1 triage, alert enrichment, IR draft communications, and detection content authoring
- Help shape security guardrails for AI tooling and AI-related workloads as they emerge in our stack
- Support SOC 2 Type I/II and similar audits: evidence collection, control mapping, and customer questionnaire response
- Run third-party and vendor security assessments
- Manage security awareness training and the anti-phishing program
- Manage relationships and contracts with security vendors (MSSP, EDR, WAF, vulnerability management, etc.)
- Champion the DevSecOps mindset and foster a security-first culture across engineering teams
- Be the go-to technical reviewer for new product surfaces, infrastructure designs, and data flows
- Partner with Legal and Privacy on regulatory requirements, control implementation, and audit readiness
- Mentor engineers on secure coding, threat modeling, and cloud security best practices

Requirements:
- Experience: 6+ years in cloud security, security operations, or infrastructure security, with hands-on production experience (not policy-only)
- AWS Depth: Strong working knowledge of AWS security: IAM, VPC, KMS, GuardDuty, Security Hub, CloudTrail, Config, and multi-account governance
- Security Operations: Hands-on security incident response experience. You have led real investigations, written postmortems, and tuned detections in a SIEM/SOAR
- Coding Ability: Comfortable scripting and building small services in Python, Go, or similar. You ship automation, not just tickets
- AI-Enabled Workflow: Use AI coding agents (Claude Code, Cursor, Copilot) as part of your default workflow, not as an experiment
- Frameworks: Working knowledge of NIST CSF, CIS Controls, OWASP Top 10, and MITRE ATT&CK
- Experience implementing cloud-native detection and monitoring
- Audit experience: SOC 2, ISO 27001, PCI, or similar
- Hands-on experience with endpoint security, including EDR (e.g., CrowdStrike), local admin removal, and device management/hardening
- Detection engineering and SOAR/automation experience at scale
- IaC security: Terraform, CDK, or CloudFormation, plus CI/CD security gates and policy-as-code (OPA, Cedar)
- Container and Kubernetes (EKS) security
- Multi-cloud exposure (GCP or Azure) in addition to AWS
- Familiarity with AI/LLM security (OWASP LLM Top 10, MITRE ATLAS, NIST AI RMF). Useful but not required
- Certifications: AWS Security Specialty, CISSP, CCSP, GCIH, GCIA, GCFA, or OSCP
- Built custom MCP servers, agent frameworks, or in-house security tooling
- Open-source contributions to cloud security or detection engineering tooling