Lead Security Engineer

About The Position

Requirements

• 7+ years of experience in security engineering, with hands-on work across multiple security domains. You’ve ideally done this at a SaaS company or cloud-native startup where you couldn’t hide behind a large team.
• Strong detection engineering skills — you’ve built and tuned SIEM rules, written detection content, and investigated real alerts, not just monitored dashboards someone else built
• Deep understanding of AWS security architecture — IAM, VPC design, multi-account strategies, and native security services
• Proficiency with infrastructure-as-code for security — codifying policies, guardrails, and configurations rather than clicking through consoles
• Experience with identity and access management architecture — IdP configuration, SSO/OIDC, RBAC design, and access lifecycle automation
• Scripting and automation chops in Python, Bash, or PowerShell for security operations, orchestration, and evidence workflows
• Clear, direct communication skills — you can explain a risk to an engineer, write a post-incident report for leadership, and answer a customer security questionnaire without corporate fluff

Nice To Haves

• Experience with CrowdStrike Falcon (EDR + LogScale/NG-SIEM) or Datadog Security Monitoring
• Terraform expertise, including module development and policy-as-code (OPA, Sentinel)
• Familiarity with fleet management tools (FleetDM, osquery, Jamf, or Intune)
• Exposure to OT/ICS security concepts, industrial control systems, or critical infrastructure environments
• Experience with EU regulatory frameworks — NIS2, Cyber Resilience Act, IEC 62443
• Background in vulnerability management lifecycle — scanning, triage, remediation tracking, and executive reporting
• Experience implementing Zero Trust Network Access (ZTNA) in hybrid cloud/on-prem environments

Responsibilities

• Detection Engineering & Incident Response: Build, tune, and maintain detection pipelines and alerting. Run incident investigations and root-cause analysis. Drive toward full visibility and monitoring coverage across cloud and endpoint assets.
• Cloud & Infrastructure Security: Secure our AWS environment — IAM policies, network segmentation, container security, secrets management. Codify security guardrails in infrastructure-as-code. Review architecture decisions with engineering for security impact.
• Enterprise Identity & Cloud Access: Architect and manage identity infrastructure across cloud and SaaS environments — IdP configuration, SSO/OIDC integration, SCIM provisioning, conditional access policies, and RBAC design. Own the full identity lifecycle from onboarding to offboarding, enforce least-privilege across AWS accounts and SaaS applications, and drive access certification and governance programs.
• Security Automation: Automate everything you can — alert triage, access provisioning, evidence collection, vulnerability management workflows. You’re one person covering a lot of ground; automation is how you scale.

Benefits

• unlimited PTO
• employer-subsidized healthcare through Aetna
• commuter benefits
• in-office lunches
• generous equity packages