Cyber Security Engineer

Essential Functions and Responsibilities

• Engineer the security infrastructure the rest of the company depends on across AWS and Kubernetes: telemetry pipelines, cryptographic material lifecycle, compliance automation, and the architecture patterns that scale across hundreds of environments.
• Build and maintain agentic AI workflows using tools like Claude Code, MCP-based integrations, and custom agent harnesses to automate security engineering tasks. Examples include code review for vulnerability patterns, drift detection in security controls, and automated evidence collection.
• Engineer the lifecycle of cryptographic material as code, including key generation, secure storage, certificate issuance, rotation, and revocation. All steps version-controlled, automated, and recoverable without a human in the loop.
• Build security telemetry pipelines that detect, enrich, and route signals with the fidelity our auto-remediation systems require.
• Embed security controls into deployment pipelines so vulnerabilities are prevented or resolved at build time rather than discovered post-deployment, including policy-as-code rules and automated playbooks.
• Build compliance evidence collection and continuous control monitoring as engineered systems that produce auditor-ready outputs from continuous data flows.
• Develop and maintain threat models that inform security architecture decisions and prioritize where engineered controls earn their place. Promote learnings into reusable patterns the rest of engineering can adopt.
• Consult, review, and approve architectural decisions by other infrastructure and product teams for security compliance and outcomes, with attention to where secrets are stored and how trust boundaries are crossed.
• Provide engineering support to Security Operations during incident response: build the tooling, telemetry, and automation that aids detection, containment, and recovery, in coordination with the Sec Ops team that owns the response process.
• Partner with other Risk functions, technical teams, auditors, vendors, and clients to translate security requirements into engineered systems and validate posture across all environments.
• Evaluate emerging AI-assisted engineering patterns and tooling through proof-of-concept work, including agent harness designs, prompt patterns, and eval methodologies. Promote what proves itself into team standard practice.
• Operate our COTS security tooling when needed, usually through IaC and automation we've built ourselves, occasionally by clicking through a vendor console.

Position Specifications

Education:

• Bachelor's degree in Computer Science, Cybersecurity, Software Engineering, or a related field, or equivalent combination of demonstrated engineering experience, shipped projects, and certifications in security engineering, cryptography, or cloud-native automation.
• Industry certifications that demonstrate hands-on technical depth are valued but not required. Relevant examples include: AWS Security Specialty, HashiCorp Terraform Associate, HashiCorp Vault Associate, CKS (Certified Kubernetes Security Specialist), GPYC (GIAC Python Coder), GCSA (GIAC Cloud Security Automation), or (ISC)² CCSP.

Experience:

• 5+ years of hands-on experience in security engineering, software engineering, or a closely related technical discipline, with a strong emphasis on building engineered systems rather than operating manual processes.
• At least 1 year of production experience with at least 2 agentic coding tools, such as Claude Code, Gemini, Cursor, Codex, AMP, or OpenCode.
• Demonstrated experience building and shipping production code in Python or a similarly capable language, with infrastructure-as-code tools such as Terraform.
• Proven track record of working in cloud-native environments, with deep familiarity in AWS, Kubernetes, containerized workloads, and CI/CD pipeline integration.
• Experience with security telemetry platforms (OpenSearch or similar), PKI / certificate lifecycle management, or compliance automation preferred.

Knowledge, Skills, & Abilities:

• Fluency with AI-assisted development tools like Claude Code and similar agentic coding assistants, including the ability to design, prompt-engineer, and orchestrate agents for security engineering workflows. Production experience where AI was load-bearing in the build.
• Hands-on experience shipping at the agentic tool layer: MCP integrations, custom agent harnesses, or AI tool-use pipelines.
• Strong software engineering fundamentals: version control, code review, testing, CI/CD, and API design, with the ability to write production-quality, maintainable code rather than throwaway scripts.
• Hands-on proficiency with cloud-native engineering: AWS (KMS, IAM, Lambda, EKS, and supporting services), Kubernetes, and Terraform or equivalent IaC tools.
• Technical knowledge of cybersecurity concepts, threat modeling, and secure design principles sufficient to consult on, review, and approve security-critical architectural decisions.
• Working knowledge of PKI concepts and certificate lifecycle management, with the ability to engineer cryptographic lifecycles as code.
• Experience with security telemetry pipelines and log analytics platforms (OpenSearch or similar), including data normalization, enrichment, and the structural fidelity required for downstream automation.
• Working knowledge of cloud security and compliance frameworks (SOC 2, PCI DSS, CIS Benchmarks, AWS Well-Architected), with the ability to translate control requirements into automated, auditable systems.
• Self-directed engineering mindset with a bias toward action, a low tolerance for manual toil, and a drive to eliminate recurring work through automation. A repeated manual process is a bug, not a task.
• Excellent written and verbal communication, including the ability to translate complex security architectures into clear documentation and to operate as a consultative security partner across technical and non-technical teams. Comfort with a fully remote, async-first culture where Slack and thorough documentation are how decisions get made.
• Nice to have: Contributions at the edge of what's possible with security and AI, including open-source projects, agent evaluation work, public writing, talks, or similar.