# Senior Security Engineer

**Company:** [DISQO](https://hotfix.jobs/companies/disqo)
**Location:** Los Angeles, CA
**Role:** Security Engineering
**Salary:** $180k – $200k/yr
**Experience:** 6+ years
**Skills:** AWS, IAM, Guardduty, Security Hub, Cloudtrail, Kubernetes, EKS, Crowdstrike, Python, Go, Terraform, SIEM, Soar, Edr, Zero Trust
**Posted:** 2026-04-30

> Senior Security Engineer owns AWS cloud and endpoint security posture, leads SecOps including detection, incident response, and vulnerability management, while building AI-enabled automations in a high-throughput environment.

## Job Description

## Responsibilities

### AWS Cloud Security
- Own the security posture of our AWS environment: IAM, networking, encryption, KMS, secrets management, and multi-account governance.
- Operate AWS-native security services: GuardDuty, Security Hub, Config, IAM Access Analyzer, Macie, Inspector, CloudTrail, and Control Tower.
- Design and review secure-by-default patterns for new services. Provide security guidance on Terraform, CloudFormation, and CDK changes.
- Drive identity, network, and data perimeter strategy. Reduce blast radius and enforce least privilege across accounts.
- Harden container, serverless, and Kubernetes (EKS) workloads where they touch sensitive data.

### Security Operations
- Run day-to-day SecOps: detection engineering, alert triage, threat hunting, and incident response.
- Tune and operate the SIEM, SOAR, and EDR stack (e.g., CrowdStrike). Author and maintain detections as code.
- Drive the implementation of Zero Trust principles and manage endpoint security for employee devices, including local admin removal for employees handling customer data.
- Lead incident response end-to-end: containment, forensics, root cause, customer comms, and blameless postmortems.
- Run vulnerability management and patching cadence; track and drive remediation SLAs.
- Build runbooks, on-call playbooks, and tabletop exercises that keep the team sharp.

### AI-Enabled Engineering
- Use AI coding agents (Claude Code, Cursor, Copilot, or similar) daily to accelerate security engineering work.
- Build automations and small services that turn manual security work into repeatable, code-defined workflows.
- Apply AI to scale Tier-1 triage, alert enrichment, IR draft communications, and detection content authoring.
- Help shape security guardrails for AI tooling and AI-related workloads as they emerge in our stack.

### Governance, Risk & Compliance
- Support SOC 2 Type I/II and similar audits: evidence collection, control mapping, and customer questionnaire response.
- Run third-party and vendor security assessments.
- Manage security awareness training and the anti-phishing program.
- Manage relationships and contracts with security vendors (MSSP, EDR, WAF, vulnerability management, etc.).

### Cross-functional Partnership
- Champion the DevSecOps mindset and foster a security-first culture across engineering teams.
- Be the go-to technical reviewer for new product surfaces, infrastructure designs, and data flows.
- Partner with Legal and Privacy on regulatory requirements, control implementation, and audit readiness.
- Mentor engineers on secure coding, threat modeling, and cloud security best practices.

## Requirements

**Required:**
- 6+ years in cloud security, security operations, or infrastructure security, with hands-on production experience.
- Strong working knowledge of AWS security: IAM, VPC, KMS, GuardDuty, Security Hub, CloudTrail, Config, and multi-account governance.
- Hands-on security incident response experience. Led real investigations, written postmortems, and tuned detections in a SIEM/SOAR.
- Comfortable scripting and building small services in **Python**, **Go**, or similar.
- Use AI coding agents (Claude Code, Cursor, Copilot) as part of default workflow.
- Working knowledge of NIST CSF, CIS Controls, OWASP Top 10, and MITRE ATT&CK.
- Experience implementing cloud-native detection and monitoring.
- Audit experience: SOC 2, ISO 27001, PCI, or similar.
- Hands-on experience with endpoint security, including EDR (e.g., **CrowdStrike**), local admin removal, and device management/hardening.

**Nice to have:**
- Detection engineering and SOAR/automation experience at scale.
- IaC security: **Terraform**, **CDK**, or **CloudFormation**, plus CI/CD security gates and policy-as-code (OPA, Cedar).
- Container and **Kubernetes (EKS)** security.
- Multi-cloud exposure (**GCP** or **Azure**) in addition to AWS.
- Familiarity with AI/LLM security (OWASP LLM Top 10, MITRE ATLAS, NIST AI RMF).
- Certifications: AWS Security Specialty, CISSP, CCSP, GCIH, GCIA, GCFA, or OSCP.
- Built custom MCP servers, agent frameworks, or in-house security tooling.
- Open-source contributions to cloud security or detection engineering tooling.

## Similar roles

- [Senior GRC Engineer](https://hotfix.jobs/jobs/bfcb5755-185d-4c09-bda1-9f49a4ecb6c8) - Postman - San Francisco, CA - $180k – $200k/yr
- [Senior Application Security Engineer](https://hotfix.jobs/jobs/79016b33-ba89-41bf-b2dc-def7958e241d) - Monarch - Remote - $180k – $215k/yr
- [Senior Security Engineer, GRC](https://hotfix.jobs/jobs/8a3040c3-16a4-42c0-8c91-cbee4a8039b3) - Temporal - Remote - $180k – $225k/yr
- [Senior Security Engineer](https://hotfix.jobs/jobs/48ed30bc-1b7a-42a6-9225-139997bf3b3b) - Kaizen Labs - New York, NY - $180k – $220k/yr
- [Manager, Network Security](https://hotfix.jobs/jobs/675ca948-bd5b-42a9-a275-8767a272094e) - Lumin Digital - Remote - $180k – $200k/yr

**Apply:** https://hotfix.jobs/jobs/7682460f-ebf6-40f0-bc6d-506ee5190f30
**Canonical:** https://hotfix.jobs/jobs/7682460f-ebf6-40f0-bc6d-506ee5190f30