Skip to content
Shield AIShield AISan Diego, CA

Senior Staff Cybersecurity Engineer, Platform Security

Senior technical owner building secure-by-default infrastructure, IaC modules, policy-as-code guardrails, and CI/CD security tooling for cloud and platform engineering teams.

160k – 240k
On-site7+ YOESecurity Engineering

About the role

What you'll do

  • Build the secure defaults: Infrastructure-as-Code modules, CI/CD pipeline templates, internal libraries, and golden-path scaffolding that make the secure choice the easy choice.
  • Engineer guardrails as code — policy-as-code (OPA/Conftest), admission controllers, cloud guardrails (SCPs / org policy), and pre-commit and CI checks — so the insecure path is blocked or flagged automatically.
  • Own the platform security tooling that other teams consume, so they don't have to build their own; replace recurring manual work with durable, self-service mechanisms.
  • Embed security into the software and infrastructure supply chain: pipeline security, build/artifact integrity, dependency and container scanning, and secrets management.
  • Engineer workload and service identity controls (least privilege, short-lived credentials, federated trust) so zero-standing-privilege is real and observable.
  • Write and maintain production-quality code and infrastructure that backs these controls.
  • Partner with platform, infrastructure, and product engineering teams early — review high-blast-radius designs against the internal Security Engineering standard while the design can still change, and turn recurring findings into a missing paved road, not just another fix.
  • Set technical direction and standards for secure-by-default; document them so they can be applied without us, and mentor and raise the bar for other engineers.

Required qualifications

  • Extensive experience in security engineering, platform/infrastructure engineering, DevSecOps, or a closely related field, with a track record of owning complex systems end-to-end.
  • Strong software engineering ability — you write, review, and ship production-quality code (any modern language) and treat infrastructure as software.
  • Hands-on experience building secure-by-default mechanisms: Infrastructure-as-Code, CI/CD pipeline security, and policy/guardrails as code.
  • Deep working knowledge of at least one major cloud provider and its security and identity model.
  • Demonstrated ability to design durable, automated solutions that reduce real risk without becoming a bottleneck — and to make explicit tradeoffs between security and the business.
  • Strong communication: you can explain a security concept to a product engineer in their language and to a leader in business terms, and you write recommendations people can act on.

Preferred qualifications

  • Strong DevSecOps background with hands-on Kubernetes (admission control, OPA/Gatekeeper, workload identity) and Terraform (reusable secure modules, policy-as-code).
  • Production coding experience in Go, Python, and/or Rust; comfortable with scripting/automation in Bash and PowerShell.
  • Depth in Azure security and identity (Entra ID, Azure Policy, Management Group guardrails).
  • Experience securing AI/ML systems, pipelines, or workloads.
  • Offensive security / red team experience, with the ability to think like an attacker and translate those findings into stronger defaults and guardrails.
  • Experience with supply-chain security (SLSA, sigstore/cosign, SBOMs), container/image hardening, and secrets management.
  • Experience operating security tooling as an internal product consumed self-service by other engineering teams.
  • Bachelor's degree or equivalent professional certification and experience.

Skills

KubernetesTerraformOpaGoPythonRustAzureEntra IdAWSGCPCI/CDInfrastructure As CodePolicy As CodeDevSecOps
Twilio

Staff Engineer

TwilioUnited States

Technical lead performing advanced offensive security work including full-stack pentesting, red team operations, custom exploit development, AI/LLM red teaming, and bug bounty management. Requires 7-10 years experience, deep expertise in MITRE ATT&CK and OWASP, and proficiency with industry tools and scripting.

156k – 229k
Remote7+ YOESecurity Engineering
ezCater

Staff GRC Engineer

ezCaterUnited States

Senior individual contributor leading GRC program maturity, control automation, data security governance, and AI governance for a SaaS food tech platform. Requires 8+ years in security compliance with strong automation and cross-functional influence skills.

165k – 210k
Remote8+ YOESecurity Engineering
Huntress

Staff Cloud Security Engineer

HuntressUnited States

Designs and implements secure cloud architectures for AWS and Azure, integrates security into DevSecOps pipelines, manages vulnerabilities, and leads threat detection/response for a B2B SaaS cybersecurity platform. Requires deep cloud expertise and SaaS production security experience.

165k – 193k
RemoteSecurity Engineering
Shield AI

Sr. Staff System Security Engineer

Shield AIDallas, TX +1

Lead cybersecurity strategy, architecture, and RMF execution for complex defense aircraft, mission systems, networks, and infrastructure. Requires 8+ years in cybersecurity for integrated defense platforms, strong RMF/STIG knowledge, and cross-functional integration skills.

170k – 250k
On-site8+ YOESecurity Engineering
Ironclad

Staff IAM Engineer

IroncladSan Francisco, CA

Own security-critical identity and corporate security controls, managing IAM platforms, SSO/MFA integrations, RBAC policies, and endpoint trust for macOS/Windows environments.

170k – 190k
Hybrid4+ YOESecurity Engineering