Security Engineer - Vuln Management (Infra)

210k – 270k | Foster City, CA | Hybrid | 5+ YOE

Summary

Mid-level Infrastructure Vulnerability Management Engineer responsible for cloud security posture, IaC scanning, container vulnerability management, and compliance tracking across multi-cloud environments. Requires 5+ years in cloud security/DevSecOps with deep GCP expertise.

About the role

Core Responsibilities

Infrastructure Scanning & Triage

  • Perform continuous security scanning across cloud posture and workloads
  • Review, validate, and prioritize flaws and misconfigurations based on CVSS scores, real-world exploitability, and infrastructure network exposure

Posture Management & Visibility

  • Own and optimize Cloud Security Posture Management (CSPM), Kubernetes Security Posture Management (KSPM), and Data Security Posture Management (DSPM) tools
  • Ensure uniform compliance, prevent data leakage, and maintain hardened baselines

Infrastructure-as-Code (IaC) Security

  • Configure, tune, and embed automated IaC security scanning tools into CI/CD pipelines
  • Identify architectural risks (e.g., overly permissive IAM, public S3 buckets/Cloud Storage) before production deployment

Workload & Container Security

  • Manage continuous vulnerability scanning lifecycle for container images, registries, and VMs
  • Partner with SRE and Platform teams to build automated base-image patching and rolling upgrade pipelines

Compliance-Driven Tracking

  • Track, document, and manage infrastructure vulnerabilities according to compliance SLAs (SOC 2, ISO 27001, PCI-DSS)
  • Maintain audit-ready evidence of infrastructure remediation timelines and exception approvals

Executive Reporting & Alerting

  • Escalate and report critical production exposures directly to CISO and senior leadership
  • Maintain dashboards and alerting mechanisms for infrastructure risk trends and cloud compliance posture

Remediation Collaboration

  • Partner with SRE, DevOps, and Platform teams to provide infrastructure mitigation paths
  • Assist in writing, reviewing, or modifying cloud configuration templates to resolve security flaws

Incident Response Support

  • Assist Incident Response teams during active cloud or host-level breaches
  • Help develop and implement immediate, real-time cloud, network, or IAM configuration countermeasures

Required Skills & Experience

  • 5 years of experience in Cloud Security, DevSecOps, or Systems Engineering roles
  • Strong foundational experience with multi-cloud environments (Deep GCP expertise preferred, working knowledge of AWS or Azure)
  • Hands-on experience with infrastructure security platforms such as Wiz, Orca, Prisma Cloud, Lacework, or GCP Security Command Center
  • Strong proficiency with Infrastructure as Code platforms (Terraform, Pulumi) and GitOps deployment workflows
  • Ability to evaluate and configure IaC scanners like Checkov, Tfsec, or KICS
  • Deep understanding of Docker/container security and Kubernetes architectures (GKE, EKS), including runtime security, network policies, and workload identity
  • Understanding of how infrastructure configurations and vulnerability management map to security compliance frameworks like SOC 2, ISO 27001, CIS Benchmarks, or NIST

What We Value

  • Systems Thinking: Ability to see the "big picture" and understand how security decisions impact the entire stack
  • Technical Influence: Drive technical alignment across the organization through expertise and collaboration
  • Autonomy: Comfortable leading major technical initiatives with minimal oversight
  • Problem-Solving Mindset: Passion for breaking down complex security challenges into elegant, scalable engineering solutions

Skills

GCP, AWS, Azure, Terraform, Pulumi, Docker, Kubernetes, GKE, EKS, Wiz, Orca, Prisma Cloud, Lacework, Checkov, Tfsec