Software Engineer, Security Infrastructure

Responsibilities

• Build and maintain tooling, scripts, services, and automation that assess, enforce, and monitor security and compliance controls across AWS cloud environments, Kubernetes clusters, and CI/CD pipelines.
• Develop lightweight internal solutions (e.g., policy-as-code, custom scanners, CI/CD integrations) that make security and compliance automatic, auditable, and invisible to the rest of engineering.
• Embed security guardrails directly into infrastructure-as-code (Terraform), container orchestration, and deployment workflows so that secure-by-default becomes the path of least resistance.
• Partner closely with the infrastructure and platform engineering teams to harden cloud-native systems, implement access controls, encryption, logging/monitoring, and vulnerability management at scale.
• Improve visibility into our overall security posture through automated reporting, dashboards, and real-time observability that highlight risks and control coverage.
• Translate compliance requirements (SOC 2, FedRAMP, and related frameworks) into pragmatic, enforceable technical implementations rather than manual checklists.
• Reduce toil by automating security workflows, compliance validation, and remediation so engineering can ship fast without compromising security.
• Support incident response and post-incident improvements by building better observability and tooling that accelerates detection and recovery.
• Conduct security reviews of new features, services, and infrastructure changes, providing clear guidance that helps teams design and implement secure solutions.

Requirements

• 4–7+ years of hands-on experience in security engineering, platform/DevSecOps, or cloud infrastructure roles (founding or early-stage security builder experience strongly preferred).
• Proven track record shipping production-grade security automation in cloud-native environments (AWS strongly preferred).
• Deep familiarity with implementing technical controls for SOC 2, FedRAMP, or similar frameworks in real production systems.
• Strong proficiency in scripting and automation (Python, Go, Bash, or similar) and a bias toward building custom tooling over relying solely on off-the-shelf products.
• Hands-on experience with Infrastructure as Code (Terraform or equivalent), containerized environments (Kubernetes), and CI/CD systems — and how to embed security directly into them.
• Working knowledge across core security domains: access control, identity management, and least-privilege enforcement; logging, monitoring, auditing, and security observability; encryption, key management, and secrets handling; vulnerability scanning, policy-as-code, and continuous compliance; incident response and change management.
• Ability to quickly assess system state, identify meaningful gaps, and deliver pragmatic, high-impact solutions in a fast-moving environment.
• Comfort operating as a founding security engineer: thrive in ambiguity, own standards end-to-end, and focus on enabling velocity while raising the security bar.
• Strong problem-solving skills with a builder mindset.

Compensation

• Salary range: $170,000 - $220,000 per year. Plus equity and benefits.