Temporal Technologies is an open source programming model company aiming to simplify code and enhance developer experience. They are seeking a Staff Cloud Security Engineer to secure their cloud environment, collaborating with various teams to integrate security into their platform and manage cloud security posture.
Responsibilities:
- Collaborate with product and engineering teams to integrate security principles into the design and architecture of cloud infrastructure across multiple clouds (AWS, GCP, Azure, and others)
- Secure Temporal's core platform components, including the workflow engine, task queue architecture, and worker execution model, identifying attack surfaces unique to durable, stateful distributed systems
- Conduct threat modeling and risk assessments to identify vulnerabilities and potential attack vectors across our multi-cloud environment, with particular focus on workflow execution, task queue integrity, and client-server trust boundaries
- Secure Temporal's gRPC-based communication layer, including mTLS certificate management, service mesh configuration, and API authentication
- Manage cloud security posture using tools such as Wiz, including misconfiguration detection, compliance monitoring, and remediation across all three cloud providers
- Stay current on emerging cloud security standards and guidance (e.g. CSA Cloud Controls Matrix, CIS Benchmarks) and translate these into actionable internal policy
- Participate in the on-call rotation
Requirements:
- Bachelor's degree in Computer Science, Cybersecurity, or a related field (or equivalent experience)
- 5+ years in cloud security or a related role
- Proven partnership with engineering teams, bringing security expertise to infrastructure access and security posture
- Kubernetes security posture management and auditing, including workload hardening, RBAC design, and admission control
- Demonstrated experience with multi-tenant security architecture, including data plane isolation, control plane hardening, and cross-tenant data leakage prevention
- Strong opinions on the use of AI in different areas (assessments, threat models, penetration testing, etc.)
- A deep understanding of application architecture and design principles, and the ability to effectively identify vulnerabilities across multiple programming languages
- Experience with secrets management at scale (e.g. HashiCorp Vault, AWS Secrets Manager) and payload encryption patterns such as codec servers for protecting sensitive workflow data
- Proficiency in Go; familiarity with Python. Go is Temporal's primary server and SDK language
- Strong command of gRPC security, mTLS, and service mesh architectures (Istio, Envoy)
- Excellent collaboration and communication skills, including the ability to explain complex security concepts to non-technical stakeholders
- Prior experience with Temporal, Cadence, or similar workflow orchestration platforms and an understanding of workflow history, replay semantics, and scheduling internals
- FedRAMP, SOC 2 Type II, or ISO 27001 experience, particularly in the context of cloud-native SaaS
- Open-source or automation projects
- Expertise in other areas of security (AppSec, CorpSec, GRC)
- Security conference talks or published research