Core Responsibilities
Infrastructure Scanning & Triage
- Perform continuous security scanning across cloud posture and workloads
- Review, validate, and prioritize flaws and misconfigurations based on CVSS scores, real-world exploitability, and infrastructure network exposure
Posture Management & Visibility
- Own and optimize Cloud Security Posture Management (CSPM), Kubernetes Security Posture Management (KSPM), and Data Security Posture Management (DSPM) tools
- Ensure uniform compliance, prevent data leakage, and maintain hardened baselines
Infrastructure-as-Code (IaC) Security
- Configure, tune, and embed automated IaC security scanning tools into CI/CD pipelines
- Identify architectural risks (e.g., overly permissive IAM, public S3 buckets/Cloud Storage) before production deployment
Workload & Container Security
- Manage continuous vulnerability scanning lifecycle for container images, registries, and VMs
- Partner with SRE and Platform teams to build automated base-image patching and rolling upgrade pipelines
Compliance-Driven Tracking
- Track, document, and manage infrastructure vulnerabilities according to compliance SLAs (SOC 2, ISO 27001, PCI-DSS)
- Maintain audit-ready evidence of infrastructure remediation timelines and exception approvals
Executive Reporting & Alerting
- Escalate and report critical production exposures directly to CISO and senior leadership
- Maintain dashboards and alerting mechanisms for infrastructure risk trends and cloud compliance posture
Remediation Collaboration
- Partner with SRE, DevOps, and Platform teams to provide infrastructure mitigation paths
- Assist in writing, reviewing, or modifying cloud configuration templates to resolve security flaws
Incident Response Support
- Assist Incident Response teams during active cloud or host-level breaches
- Help develop and implement immediate, real-time cloud, network, or IAM configuration countermeasures
Required Skills & Experience
- 5 years of experience in Cloud Security, DevSecOps, or Systems Engineering roles
- Strong foundational experience with multi-cloud environments (Deep GCP expertise preferred, working knowledge of AWS or Azure)
- Hands-on experience with infrastructure security platforms such as Wiz, Orca, Prisma Cloud, Lacework, or GCP Security Command Center
- Strong proficiency with Infrastructure as Code platforms (Terraform, Pulumi) and GitOps deployment workflows
- Ability to evaluate and configure IaC scanners like Checkov, Tfsec, or KICS
- Deep understanding of Docker/container security and Kubernetes architectures (GKE, EKS), including runtime security, network policies, and workload identity
- Understanding of how infrastructure configurations and vulnerability management map to security compliance frameworks like SOC 2, ISO 27001, CIS Benchmarks, or NIST
What We Value
- Systems Thinking: Ability to see the "big picture" and understand how security decisions impact the entire stack
- Technical Influence: Drive technical alignment across the organization through expertise and collaboration
- Autonomy: Comfortable leading major technical initiatives with minimal oversight
- Problem-Solving Mindset: Passion for breaking down complex security challenges into elegant, scalable engineering solutions