Senior Security Engineer

Responsibilities

AWS Cloud Security

• Own the security posture of our AWS environment: IAM, networking, encryption, KMS, secrets management, and multi-account governance.
• Operate AWS-native security services: GuardDuty, Security Hub, Config, IAM Access Analyzer, Macie, Inspector, CloudTrail, and Control Tower.
• Design and review secure-by-default patterns for new services. Provide security guidance on Terraform, CloudFormation, and CDK changes.
• Drive identity, network, and data perimeter strategy. Reduce blast radius and enforce least privilege across accounts.
• Harden container, serverless, and Kubernetes (EKS) workloads where they touch sensitive data.

Security Operations

• Run day-to-day SecOps: detection engineering, alert triage, threat hunting, and incident response.
• Tune and operate the SIEM, SOAR, and EDR stack (e.g., CrowdStrike). Author and maintain detections as code.
• Drive the implementation of Zero Trust principles and manage endpoint security for employee devices, including local admin removal for employees handling customer data.
• Lead incident response end-to-end: containment, forensics, root cause, customer comms, and blameless postmortems.
• Run vulnerability management and patching cadence; track and drive remediation SLAs.
• Build runbooks, on-call playbooks, and tabletop exercises that keep the team sharp.

AI-Enabled Engineering

• Use AI coding agents (Claude Code, Cursor, Copilot, or similar) daily to accelerate security engineering work.
• Build automations and small services that turn manual security work into repeatable, code-defined workflows.
• Apply AI to scale Tier-1 triage, alert enrichment, IR draft communications, and detection content authoring.
• Help shape security guardrails for AI tooling and AI-related workloads as they emerge in our stack.

Governance, Risk & Compliance

• Support SOC 2 Type I/II and similar audits: evidence collection, control mapping, and customer questionnaire response.
• Run third-party and vendor security assessments.
• Manage security awareness training and the anti-phishing program.
• Manage relationships and contracts with security vendors (MSSP, EDR, WAF, vulnerability management, etc.).

Cross-functional Partnership

• Champion the DevSecOps mindset and foster a security-first culture across engineering teams.
• Be the go-to technical reviewer for new product surfaces, infrastructure designs, and data flows.
• Partner with Legal and Privacy on regulatory requirements, control implementation, and audit readiness.
• Mentor engineers on secure coding, threat modeling, and cloud security best practices.

Requirements

Required:

• 6+ years in cloud security, security operations, or infrastructure security, with hands-on production experience.
• Strong working knowledge of AWS security: IAM, VPC, KMS, GuardDuty, Security Hub, CloudTrail, Config, and multi-account governance.
• Hands-on security incident response experience. Led real investigations, written postmortems, and tuned detections in a SIEM/SOAR.
• Comfortable scripting and building small services in Python, Go, or similar.
• Use AI coding agents (Claude Code, Cursor, Copilot) as part of default workflow.
• Working knowledge of NIST CSF, CIS Controls, OWASP Top 10, and MITRE ATT&CK.
• Experience implementing cloud-native detection and monitoring.
• Audit experience: SOC 2, ISO 27001, PCI, or similar.
• Hands-on experience with endpoint security, including EDR (e.g., CrowdStrike), local admin removal, and device management/hardening.

Nice to have:

• Detection engineering and SOAR/automation experience at scale.
• IaC security: Terraform, CDK, or CloudFormation, plus CI/CD security gates and policy-as-code (OPA, Cedar).
• Container and Kubernetes (EKS) security.
• Multi-cloud exposure (GCP or Azure) in addition to AWS.
• Familiarity with AI/LLM security (OWASP LLM Top 10, MITRE ATLAS, NIST AI RMF).
• Certifications: AWS Security Specialty, CISSP, CCSP, GCIH, GCIA, GCFA, or OSCP.
• Built custom MCP servers, agent frameworks, or in-house security tooling.
• Open-source contributions to cloud security or detection engineering tooling.