Security Engineer (Security Operations, Zero Trust)
Security Engineer focused on security operations, incident response, and Zero Trust implementation. Designs, deploys, and supports security tools like SIEM, EDR, and Cloudflare; triages alerts, automates responses, and collaborates on cloud/IAM security. Requires 3-5 years experience in cloud-native security engineering.
100k – 140k/yr
Remote3+ YOESecurity Engineering
About the role
Responsibilities
Security Operations & Incident Response (Primary)
Review, design, and implementation of new Security Tools - support administration across tools such as SIEM, EDR, CNAAP, Email Security, and others.
Support security and risk assessments for new tools, vendors, and relationships with broader Security and IT team.
Assist in development of new threat detections, playbooks, and automated response/remediation.
Support triage and response of security alerts, as an escalation point from the broader team.
Participate in supporting security on-call rotation.
Zero Trust & Network Security (Secondary)
Strengthen Zero Trust posture by expanding usage of Cloudflare WARP, WAF, other Zero Trust tooling and principles.
Collaborate with the IT team to enhance endpoint security policies within EDR tools such as SentinelOne, CrowdStrike, as well as secure hardening standards into MDM.
Support design and implementation of IAM best practices/principles for workforce and client identity, leveraging tools such as Google IDP, Okta, Auth0, Zitadel.
Mature Zero Trust alerts and controls across risk-based alerting, posture checks.
Incorporation of Zero Trust principles into new programs and architecture designs.
Application Security (Support)
Support application security program strategy and implementation, including but not limited to various controls towards a “shift-left” security model, Security Champions program, adoption and implementation of SAST, DAST, other application security tools.
Assist in maturation of the Secure SDLC, including threat modeling, security architecture and requirements guidance, as well as secure code development training.
Work directly with developers to triage findings, provide remediation guidance, and foster a security-first culture.
Manual testing support for light red teaming such as POC’ing vulnerabilities, leading penetration tests via vendor engagements and/or internally led testing, and validating security findings.
Cloud & Infrastructure Security (Support)
Partner with Engineering, DevOps, to secure GCP, AWS environments.
Leverage Cloud Security tools such as CNAAP, to remediate discovered misconfigurations, vulnerabilities, and triage of Cloud Security alerts.
Support development and implement secure infrastructure baselines, vulnerability management processes, secrets management, IAM, and hardening standards within the cloud environment.
Incorporation of shift-left security tests and controls, into CI/CD pipelines.
Help expand monitoring capabilities within tools such as SIEM, CNAAP, including implementation of required cloud architecture/logging, onboarding of log sources to security tools, and detection rules for cloud-based threats.
Requirements
3-5 years of hands-on experience in a security engineering role, preferably within a cloud-native, startup environment.
Deep experience building or contributing to a Security Operations program, leveraging/administering SIEM, EDR, CNAAP, Email Security, and SOAR tools.
Hands-on experience building and tuning threat detections, partnering with Security Analysts to improve/automate runbooks and response actions.
Demonstrated experience implementing tools and controls to support Zero Trust, with tools such as Cloudflare, IAM architecture and protocols, risk and posture based alerting, and workforce/customer identity solutions.
Proficiency in at least one scripting language (Python, Bash) to automate security tasks and processes, ability to implement and support detection-as-code and infrastructure-as-code where applicable.
Excellent problem-solving skills and the ability to work collaboratively with both technical (Engineering) and non-technical (GTM) teams.
Ability to drive new projects, self-starter, with minimal supervision.
A proactive, "builder" mindset with a passion for improving processes, reducing risk.
Preferred
Familiarity with Infrastructure as Code (IaC) and its security implications (e.g., Terraform).
Knowledge of compliance frameworks such as SOC 2, GDPR, NIST CSF.
Familiarity with common application development languages such as Java or JavaScript.
Understanding of system and architecture design principles, from code to cloud.
Relevant industry certifications (e.g., GCLD, GCP Cloud Security Engineer, GCSA).
Application Security Engineer partnering with engineering teams to embed security into the SDLC, triage SAST/SCA findings, provide remediation guidance on OWASP issues, maintain security docs/playbooks, support governance/audits, and integrate GenAI tools while building AI governance guardrails.
100k – 140k/yr
RemoteSecurity Engineering
Security Engineer, Application Security
Trail of BitsUnited States
Conduct low-level code security assessments, architecture reviews, and threat modeling for client applications. Build custom security tools bridging vulnerability research and application security. Requires manual code review, binary analysis, and programming proficiency in multiple languages.
100k – 200k/yr
Remote5+ YOESecurity Engineering
Compliance Analyst
HarveySan Francisco, CA
This Compliance Analyst role at Harvey involves owning and maintaining compliance documentation, coordinating evidence collection, and supporting third-party assessments. The role requires hands-on compliance work, close collaboration with Engineering and Security teams, and a detail-oriented approach to ensure program health and continuous monitoring.
99k – 149k/yr
Hybrid3+ YOESecurity Engineering
Security Engineer II
MetropolisLos Angeles, CA
Security Engineer II responsible for monitoring security alerts, responding to incidents, administering enterprise security tools, and supporting cloud and identity security initiatives. Requires 3+ years in cybersecurity or related fields with strong scripting and troubleshooting skills.
105k – 150k/yr
On-site3+ YOESecurity Engineering
GRC Program Manager
AstraUnited States
Owns end-to-end execution of GRC programs including SOC 1/2, PCI DSS, and ISO 27001 audits, control design, risk assessments, and vendor management. Partners with engineering to implement technical controls and documentation for scalable compliance in fintech.