Cloud & Application Security Engineer (Hybrid)

About The Position

Requirements

• Bachelor’s degree in IT, Computer Science, Cybersecurity, or equivalent experience.
• 3+ years in cloud security, application security, DevSecOps, or related engineering roles.
• Strong hands-on experience with Azure security (Azure AD, Defender for Cloud, Key Vault, NSGs, App Gateway, etc.).
• Solid understanding of SDLC, secure coding, OWASP Top 10, and security tooling (SAST/DAST/IAST, dependency scanning).
• Experience securing CI/CD pipelines (GitHub Actions, Azure DevOps, Jenkins).
• Familiarity with container and Kubernetes security.
• Background in cloud/app security assessments, threat modeling, and code review.
• Ability to analyze logs and telemetry for cloud and application environments.
• Knowledge of IaC security (Terraform, Bicep, ARM).
• Must be able to support occasional evening or weekend overtime as needed.

Nice To Haves

• ISCCSP, GIAC (GCSA/GCLD), OSCP, CISSP, CCSK, or other advanced security certifications.
• CSPM tools
• WAF and API security platforms
• Container and serverless security tooling
• SIEM and cloud-native threat detection
• Secure coding and SDLC tooling
• PowerShell and Python automation
• Experience with ServiceNow or similar ITSM systems

Responsibilities

• Build and maintain security controls across cloud platforms (Azure preferred)—IAM, networking, logging, monitoring, container security, workload protection, and more.
• Partner with developers to embed security into the SDLC (secure coding, code reviews, dependency scanning, automated testing).
• Perform threat modeling and deliver actionable remediation guidance.
• Manage and optimize application and API security tools such as WAFs (Cloudflare preferred), API gateways, secret management, and cloud‑native security solutions.
• Support secure architecture design for cloud apps, microservices, containers, serverless, and PaaS workloads.
• Conduct vulnerability assessments and penetration testing across cloud workloads, applications, and CI/CD pipelines.
• Monitor and analyze events through SIEM, CSPM, CWPP, and other threat‑detection platforms.
• Respond to cloud/application security incidents and assist with forensic analysis.
• Continuously strengthen automated security controls within CI/CD and cloud platforms.
• Develop and maintain security policies, standards, and reference architectures.
• Conduct posture reviews, configuration assessments, and risk evaluations.
• Work closely with engineering, DevOps, architecture, and product teams to ensure secure solution delivery.
• Mentor junior cybersecurity team members.
• Stay ahead of emerging cloud threats, application security trends, and new technologies.

Benefits

• Best-in-class benefits including medical, dental, vision, and 100% paid maternity leave
• Generous time off including vacation, parental, donor, and bereavement leave
• Wellness perks like on-site personal trainers, massages, a full gym, and a registered nurse
• Convenience services like car detailing, dry cleaning, and even spray tans
• Financial support with 401(k), tuition reimbursement, stock units, and holiday bonuses
• Delicious perks from Willie’s Joynt—our full-service café serving up legendary meals
• Support Center employees who meet benefit eligibility receive a comprehensive total rewards package starting the first day of the month after 31 days of employment.