Manager, Security Engineering, Cloud & AppSec

About The Position

Requirements

• Must be proficient in AWS security services, Terraform, GitLab, and modern CI/CD security practices
• Must have a deep understanding of AWS security architecture, IAM, cloud posture management, data security principles, and secure SDLC practices
• Must have experience leading or closely partnering with Application Security efforts, including threat modeling, vulnerability management, and security reviews
• Must be knowledgeable in compliance standards and security frameworks, including SOC 2, GDPR, ISO 27001, FedRAMP, NIST, CIS, and MITRE ATT&CK
• Must have strong written and verbal communication skills, with the ability to explain technical risks and tradeoffs to both technical and non-technical stakeholders
• Must be able to work independently and as part of a team, with a strong sense of ownership and accountability
• Must have experience developing metrics and reporting that communicate risk and security posture to leadership
• Must have familiarity with DLP concepts, including data classification, identification, and protection
• Bachelor’s degree in Computer Science, Cybersecurity, Information Systems, or a related field, or equivalent practical experience
• 5+ years of experience in cybersecurity
• 5+ years of experience securing AWS environments
• 5+ years of experience securing cloud-native systems and modern software delivery pipelines
• Prior experience leading security engineers or serving as a technical lead in a security engineering function
• AWS
• Terraform
• Crossplane
• ArgoCD
• GitLab
• CI/CD security tooling
• Cloud security monitoring and posture tools
• IAM and access control systems

Nice To Haves

• Experience leading both Cloud Security and Application Security teams
• AWS Certified Security – Specialty
• CISSP or other relevant security certifications
• Experience in high-growth SaaS or cybersecurity companies
• Experience building security programs that scale across engineering organizations
• Broad knowledge across the security domain, with deeper specialization in one or more areas such as incident management, detection engineering, response tooling, or logs/events processing

Responsibilities

• Lead, coach, and grow the Security Engineering team, including both Cloud Security Engineers and Application Security Engineers
• Set priorities and operating rhythms for the team, balancing strategic security investments, day-to-day engineering support, and incident response
• Design and implement security controls across our Cloud environments, such as but not limited to: AWS, Azure, GCP, Digital Ocean, OCI, etc.., including IAM, SCPs, VPC security, S3 bucket policies, security groups, key management, and logging
• Continuously monitor and improve cloud posture by managing and tuning services such as GuardDuty, Security Hub, AWS WAF, CloudTrail, and Inspector
• Partner with engineering teams to embed security into the SDLC, including secure design reviews, threat modeling, architecture review, and CI/CD security automation
• Lead the application security program, including secure coding practices, vulnerability management, developer enablement, and product security reviews
• Continuously monitor and improve application security tooling by managing and tuning services such as SonarQube, Dependency Track, ZAproxy, Trufflehog, Trivy,
• Build and maintain GitLab CI/CD pipelines and tooling for automated security testing and scanning of cloud resources and applications
• Conduct threat modeling, architecture reviews, and risk assessments for cloud deployments, product features, and new systems
• Implement security monitoring, secure systems hardening, and detective controls for malicious activity across AWS and application environments
• Respond quickly to new and emerging threats and vulnerabilities; support investigations, post-mortem analysis, root cause identification, and preventive actions
• Define and enforce identity and access management best practices, including least privilege, federated identity, role-based access control, and automated remediation
• Develop and maintain security policies, standards, and procedures aligned to frameworks such as SOC 2, GDPR, ISO 27001, FedRAMP, NIST, CIS, and MITRE ATT&CK
• Create metrics, reporting, and risk narratives that communicate security posture, trends, and priorities to business owners and leadership
• Evaluate and recommend new tools, techniques, and controls to improve the security posture of our cloud and application environments
• Demonstrate a commitment to integrity, process improvement, and customer satisfaction
• Recruiting and onboarding talented individuals to support our organizational goals
• Mentoring, coaching, equipping, and developing your team
• Recognizing and retaining high performers
• Leading horizontally with peer management and senior leaders

Benefits

• health, vision & dental insurance for you and your family
• a flexible vacation policy
• generous parental leave
• equity package in the form of stock options