# Security Engineer (Security Operations, Zero Trust)

**Company:** [BlackCloak](https://hotfix.jobs/companies/blackcloak)
**Location:** Remote
**Role:** Security Engineering
**Salary:** $100k – $140k/yr
**Experience:** 3+ years
**Skills:** SIEM, Edr, Cnaap, Soar, Cloudflare, Sentinelone, Crowdstrike, Okta, Auth0, Google Idp, Zitadel, SAST, DAST, GCP, AWS
**Posted:** 2025-11-06

> Security Engineer focused on security operations, incident response, and Zero Trust implementation. Designs, deploys, and supports security tools like SIEM, EDR, and Cloudflare; triages alerts, automates responses, and collaborates on cloud/IAM security. Requires 3-5 years experience in cloud-native security engineering.

## Job Description

## Responsibilities

### Security Operations & Incident Response (Primary)
- Review, design, and implementation of new Security Tools - support administration across tools such as **SIEM**, **EDR**, **CNAAP**, **Email Security**, and others.
- Support security and risk assessments for new tools, vendors, and relationships with broader Security and IT team.
- Assist in development of new threat detections, playbooks, and automated response/remediation.
- Support triage and response of security alerts, as an escalation point from the broader team.
- Participate in supporting security on-call rotation.

### Zero Trust & Network Security (Secondary)
- Strengthen Zero Trust posture by expanding usage of **Cloudflare WARP**, **WAF**, other Zero Trust tooling and principles.
- Collaborate with the IT team to enhance endpoint security policies within EDR tools such as **SentinelOne**, **CrowdStrike**, as well as secure hardening standards into MDM.
- Support design and implementation of IAM best practices/principles for workforce and client identity, leveraging tools such as **Google IDP**, **Okta**, **Auth0**, **Zitadel**.
- Mature Zero Trust alerts and controls across risk-based alerting, posture checks.
- Incorporation of Zero Trust principles into new programs and architecture designs.

### Application Security (Support)
- Support application security program strategy and implementation, including but not limited to various controls towards a “shift-left” security model, Security Champions program, adoption and implementation of **SAST**, **DAST**, other application security tools.
- Assist in maturation of the Secure SDLC, including threat modeling, security architecture and requirements guidance, as well as secure code development training.
- Work directly with developers to triage findings, provide remediation guidance, and foster a security-first culture.
- Manual testing support for light red teaming such as POC’ing vulnerabilities, leading penetration tests via vendor engagements and/or internally led testing, and validating security findings.

### Cloud & Infrastructure Security (Support)
- Partner with Engineering, DevOps, to secure **GCP**, **AWS** environments.
- Leverage Cloud Security tools such as **CNAAP**, to remediate discovered misconfigurations, vulnerabilities, and triage of Cloud Security alerts.
- Support development and implement secure infrastructure baselines, vulnerability management processes, secrets management, IAM, and hardening standards within the cloud environment.
- Incorporation of shift-left security tests and controls, into CI/CD pipelines.
- Help expand monitoring capabilities within tools such as **SIEM**, **CNAAP**, including implementation of required cloud architecture/logging, onboarding of log sources to security tools, and detection rules for cloud-based threats.

## Requirements
- 3-5 years of hands-on experience in a security engineering role, preferably within a cloud-native, startup environment.
- Deep experience building or contributing to a Security Operations program, leveraging/administering **SIEM**, **EDR**, **CNAAP**, **Email Security**, and **SOAR** tools.
- Hands-on experience building and tuning threat detections, partnering with Security Analysts to improve/automate runbooks and response actions.
- Demonstrated experience implementing tools and controls to support **Zero Trust**, with tools such as **Cloudflare**, IAM architecture and protocols, risk and posture based alerting, and workforce/customer identity solutions.
- Proficiency in at least one scripting language (**Python**, **Bash**) to automate security tasks and processes, ability to implement and support detection-as-code and infrastructure-as-code where applicable.
- Excellent problem-solving skills and the ability to work collaboratively with both technical (Engineering) and non-technical (GTM) teams.
- Ability to drive new projects, self-starter, with minimal supervision.
- A proactive, "builder" mindset with a passion for improving processes, reducing risk.

## Preferred
- Familiarity with **Infrastructure as Code (IaC)** and its security implications (e.g., **Terraform**).
- Knowledge of compliance frameworks such as **SOC 2**, **GDPR**, **NIST CSF**.
- Familiarity with common application development languages such as **Java** or **JavaScript**.
- Understanding of system and architecture design principles, from code to cloud.
- Relevant industry certifications (e.g., **GCLD**, **GCP Cloud Security Engineer**, **GCSA**).

## Similar roles

- [Application Security Engineer](https://hotfix.jobs/jobs/d240253e-6098-4419-8f04-aaf793f42c03) - Zocdoc - Remote - $100k – $140k/yr
- [Security Engineer, Application Security](https://hotfix.jobs/jobs/18d79ceb-6c9b-4ecf-819a-fcd37324835f) - Trail of Bits - Remote - $100k – $200k/yr
- [Compliance Analyst](https://hotfix.jobs/jobs/b1657e99-edcc-41eb-b820-8b3e05df4e67) - Harvey - San Francisco, CA - $99k – $149k/yr
- [Security Engineer II](https://hotfix.jobs/jobs/84d69823-ea1b-4385-93ad-d6700771519c) - Metropolis - Los Angeles, CA - $105k – $150k/yr
- [GRC Program Manager](https://hotfix.jobs/jobs/5b121fcc-25d9-471c-a57f-273f2ea2942b) - Astra - Remote - $95k – $135k/yr

**Apply:** https://hotfix.jobs/jobs/70b32aeb-7b41-4578-8a52-7a1a46564864
**Canonical:** https://hotfix.jobs/jobs/70b32aeb-7b41-4578-8a52-7a1a46564864