Staff Software Engineer, Security Engineering

What You Will Do

• Cloud Security Strategy: Design organization-wide controls (SCPs, Azure Policy) that provide maximum protection with minimum developer friction.
• Identity & Access Management (IAM): Architect templates and permission boundaries that govern how services and humans interact with our cloud environment with the principle of least privilege in mind.
• Infrastructure & Network Security: Define the security standards for VPC architecture, edge networking, and cross-account connectivity.
• Platform Security Architecture: Lead platform-related security reviews for new features and high-impact services, ensuring security is baked into the design phase.
• System Design: Design systems and processes to validate the security posture of the platform, ensuring our security policies are enforced in real-time with actionable feedback for engineering teams.
• Mentorship & Influence: Mentor junior engineers and influence senior leadership on critical security decisions.

What You Bring

• 8+ years of proven experience in information security, specifically within cloud-native environments, Kubernetes (EKS, AKS), and cloud security.
• Deep understanding of secure networking principles, including VPC peering/transit gateways, VPN implementations, edge protection, and managing public/private PKI infrastructures.
• Strong background in building automated controls for enforcing Policy-as-Code within Terraform workflows.
• Hands-on experience identifying attack vectors and conducting risk assessments for complex, distributed systems.
• Experience working with security platforms for analyzing cloud permissions and a background or interest in applying AI to streamline security tasks and governance.
• Exceptional communication skills with a track record of aligning multiple teams toward shared security goals.
• Bachelor's degree in Computer Science, Information Security, Systems Engineering, or a related field.

Nice to Have

• Experience navigating compliance frameworks such as FedRAMP, SOC2, or HIPAA in a cloud environment.
• Proficiency in one or more languages used for automation and tooling, such as Python, Go, or JavaScript.
• Experience creating, managing, and securing containerized environments.
• Experience with service mesh (Istio) security policies and zero-trust networking.

This position requires the ability to access federal environments and/or have access to protected federal data. The successful candidate must be able to submit documentation establishing U.S. Person status upon hire.