Skip to content
TemporalTemporalUnited States

Staff Cloud Security Engineer

As a Staff Cloud Security Engineer, you will collaborate with product and engineering teams to integrate security principles into the design and architecture of cloud infrastructure. You will secure core platform components, conduct threat modeling, and manage cloud security posture.

225k – 275k
Remote5+ YOESecurity Engineering

About the role

What You’ll Do

  • Collaborate with product and engineering teams to integrate security principles into the design and architecture of cloud infrastructure across multiple clouds (AWS, GCP, Azure, and others).
  • Secure Temporal's core platform components, including the workflow engine, task queue architecture, and worker execution model - identifying attack surfaces unique to durable, stateful distributed systems.
  • Conduct threat modeling and risk assessments to identify vulnerabilities and potential attack vectors across our multi-cloud environment, with particular focus on workflow execution, task queue integrity, and client-server trust boundaries.
  • Secure Temporal's gRPC-based communication layer, including mTLS certificate management, service mesh configuration, and API authentication.
  • Manage cloud security posture using tools such as Wiz, including misconfiguration detection, compliance monitoring, and remediation across all three cloud providers.
  • Stay current on emerging cloud security standards and guidance (e.g. CSA Cloud Controls Matrix, CIS Benchmarks) and translate these into actionable internal policy.
  • Able to participate in on-call rotation.

What You’ll Bring

  • Bachelor’s degree in Computer Science, Cybersecurity, or a related field (or equivalent experience).
  • 5+ years in cloud security or a related role.
  • Proven partnership with engineering teams, bringing security expertise to infrastructure access and security posture.
  • Kubernetes security posture management and auditing, including workload hardening, RBAC design, and admission control.
  • Demonstrated experience with multi-tenant security architecture, including data plane isolation, control plane hardening, and cross-tenant data leakage prevention.
  • Strong opinions on the use of AI in different areas (assessments, threat models, penetration testing, etc).
  • A deep understanding of application architecture and design principles, ability to effectively identify vulnerabilities across multiple programming languages
  • Experience with secrets management at scale (e.g. HashiCorp Vault, AWS Secrets Manager) and payload encryption patterns such as codec servers for protecting sensitive workflow data.
  • Proficiency in Go; familiarity with Python. Go is Temporal's primary server and SDK language.
  • Strong command of gRPC security, mTLS, and service mesh architectures (Istio, Envoy).
  • Excellent communication and ability to explain complex security concepts to non-technical stakeholders.
  • Excellent collaboration and communication skills.

Nice to Have

  • Prior experience with Temporal, Cadence, or similar workflow orchestration platforms and an understanding of workflow history, replay semantics, and scheduling internals.
  • FedRAMP, SOC 2 Type II, or ISO 27001 experience, particularly in the context of cloud-native SaaS.
  • Open Source automation or automation projects.
  • Expertise in other areas of security (AppSec, CorpSec, GRC)
  • Security conference talks or published research.

Compensation

The estimated pay range for this role is $225,000 - $275,000, depending on qualifications and location. This role is eligible to participate in Temporal's equity plan.

Compensation ranges reflect salary and commission compensation (when applicable) across several geographic markets. Employment offers carefully consider multiple factors, including prior experience, knowledge, expertise, skillset, market location, and job level assessed during the interview process.

Employee benefits and perks below are for full-time employees, part-time or temporary positions are excluded.

U.S. Benefits

  • Unlimited PTO, 12 Holidays + 2 Floating Holidays
  • 100% Premiums Coverage for Medical, Dental, and Vision
  • AD&D, LT & ST Disability, and Life Insurance (Standard & Supplemental Available)
  • Empower 401K Plan
  • Additional Perks for Learning & Development, Lifestyle Spending, In-Home Office Setup, Professional Memberships, WFH Meals, Internet Stipend and more!

International Benefits

Paid Time Off (PTO) and Benefits outside the United States vary by country, and are issued in partnership with Remote.com. Additionally, Temporal offers perks to all international employees for learning & career development, a lifestyle spending account, in-home office setup (in addition to company-issued hardware), professional memberships, work-from-home meals, and access to the Calm app for mental wellness. Travel Temporal is a globally distributed, collaborative team that values opportunities for in-person connection. Occasional travel may be required for company events, team offsites, and other meaningful moments that bring us together.

Additional Perks

  • $3,600 / Year Work from Home Meals
  • $1,800 / Year Professional Enrichment (Career Development & Professional Memberships)
  • $1,200 / Year Lifestyle Spending Account
  • $1,000 / Year In-Home Office Setup (In addition to Temporal issued equipment - laptop, monitor, keyboard, mouse, trackpad, and extension power cable at no cost to you)
  • $74 / Month Reimbursement for Internet
  • Calm App Subscription for Mental Health & Wellness

Skills

AWSGCPAzureKubernetesGoPythongRPCMtlsIstio
Plaid

Staff Software Engineer

PlaidNew York, NY +2

Staff Software Engineer building and leading development of Plaid's core security infrastructure including IAM, key management, encryption, and access control systems. Requires experience with scalable secure systems architecture plus technical leadership.

222k – 328k
Hybrid7+ YOESecurity Engineering
Confluent

Staff Security Risk & Compliance Program Manager

ConfluentTexas

Own and evolve Confluent's internal access management program with focus on machine/workload identity, S2S auth, non-human identities, and AI agent controls. Set the Access Management Standard, own metrics/reporting/OKRs, and drive governance, risk reduction, and cross-functional execution for least-privilege outcomes.

222k – 261k
Remote8+ YOESecurity Engineering
Abridge

Staff Application Security Engineer

AbridgeSan Francisco, CA

Lead application security initiatives as a technical leader on a new security team. Drive threat modeling, secure SDLC, code reviews, vulnerability management, and AI security for a healthcare AI platform.

228k – 290k
Hybrid10+ YOESecurity Engineering
Databricks

Senior Staff Software Engineer - Security Infrastructure

DatabricksMountain View, CA

Leads security infrastructure engineering at Databricks, plugging gaps in services, building large-scale distributed systems, and defining data security strategy. Requires 9+ years in security, 15+ in distributed systems, MS/PhD, and expertise in areas like Kubernetes security and cryptography.

228k – 304k
On-site9+ YOESecurity Engineering
Databricks

Staff Software Engineer - Security Infrastructure

DatabricksBellevue, WA

Leads security infrastructure engineering at Databricks, enhancing platform security, building scalable systems, and driving strategy. Requires 7+ years in data security, 10+ years in distributed systems, and MS/PhD.

221k – 241k
On-site7+ YOESecurity Engineering