Cloud Application Security Engineer
About The Position
The Cloud Application Security Engineer is responsible for securing Hyper’s cloud-native web platform and the software development lifecycle that supports it. This role works directly with engineering teams to identify, understand, and remediate security risks in applications and infrastructure. This position focuses on embedding security into how software is built, deployed, and operated. The role emphasizes practical, hands-on security work—reviewing code, improving system design, and helping engineers build secure systems—rather than operating as a separate audit or ticketing function.
Requirements
- 4–7 years of experience in application security, product security, or cloud security engineering
- Experience securing modern web applications and understanding common vulnerability patterns
- Hands-on experience with AWS security services (IAM, Security Hub, GuardDuty, WAF, etc.)
- Experience using SAST, DAST, or SCA tools in development workflows
- Strong understanding of OWASP Top 10 and practical remediation approaches
- Experience with threat modeling applied to real systems
- Experience supporting or participating in SOC 2 audits or similar compliance frameworks
- Experience working directly with software engineers to remediate security issues in applications
- Strong communication skills and ability to work closely with engineering teams
Nice To Haves
- Experience with Node.js, PostgreSQL, or similar backend systems
- Familiarity with frontend security concerns (e.g., XSS, authentication flows, token handling)
- Experience with tools such as Snyk, Semgrep, OWASP ZAP, or similar
- Experience with compliance automation tools such as Vanta, Drata, or Secureframe
- Experience building or improving security practices in a startup or growth-stage company
- Scripting or automation experience (Python, Bash, or similar)
- Relevant certifications: AWS Security Specialty, OSCP, CISSP, or equivalent
Responsibilities
- Conduct secure code reviews, threat modeling, and security-focused design reviews for new and existing features
- Identify and remediate common web application vulnerabilities aligned with OWASP Top 10
- Help design and improve secure application architectures in collaboration with engineering teams
- Own the security configuration of AWS environments including IAM, Security Hub, GuardDuty, WAF, Secrets Manager, VPC security groups, and CloudTrail
- Integrate and maintain SAST, DAST, and dependency scanning tools within CI/CD pipelines
- Perform vulnerability assessments across applications and cloud infrastructure and track remediation to closure
- Support SOC 2 Type II readiness by contributing to security controls, documentation, and evidence collection
- Develop and maintain incident response processes including investigation, containment, and post-mortem analysis
- Work closely with engineers to implement secure coding practices and improve overall system security
- Provide guidance and education to engineering teams on secure development practices
- Support onboarding of engineers with security best practices and expectations
- Maintain documentation for security processes, controls, and architecture
- Contribute to improving security tooling, automation, and workflows
Benefits
- medical
- dental
- vision
- 401(k)
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Mid Level
Education Level
No Education Listed
