Member of Technical Staff, Security

Mandolin, San Francisco, CA

About The Position

Mandolin is building the clinical and financial infrastructure to accelerate groundbreaking treatments to patients, leveraging AI agents. The company partners with major US healthcare institutions, managing over $10B in drug spend, and is backed by prominent investors. As Mandolin prepares for a broad public launch, there is a critical need to ensure enterprise-grade reliability, robust security, and efficient developer productivity, especially when handling sensitive healthcare data. The role is for a senior security practitioner to lead the security posture of Mandolin's cloud infrastructure and software delivery lifecycle. This is a builder's role focused on designing and supporting a zero-trust foundation, integrating security tooling into developer workflows, and leading proactive threat detection efforts to ensure the platform scales safely and efficiently on Public Cloud.

Requirements

  • 8+ years in Security Engineering, DevOps, or Site Reliability, with a deep security focus.
  • GCP Security Mastery: Deep hands-on experience securing public cloud environments, especially Cloud Run, GKE, IAM, and VPC Service Controls.
  • Zero-Trust & mTLS: Proven experience implementing a service mesh or mTLS encryption between services in a containerized environment.
  • Proactive Defense: Experience conducting proactive threat hunting in codebases and CI logs, not just reacting to scanner alerts.
  • SIEM & Detection Engineering: Experience deploying and managing a SIEM platform in a cloud-native environment.
  • IaC & GitOps Security: Expert-level proficiency in Pulumi (preferred) or Terraform, paired with strong operational knowledge of ArgoCD/Argo Workflows.
  • Application Security Fundamentals: Strong background in OWASP Top 10, dependency confusion prevention, and container image hardening.
  • Compliance & Cert Management: Working knowledge of SOC 2 and HIPAA technical controls, and a deep understanding of automated secret and certificate rotation strategies.

Nice To Haves

  • Experience with workflow orchestration platforms (Temporal, Cadence, Airflow).
  • Experience building internal developer platforms or developer portals (Backstage, etc.).
  • Familiarity with Workload Identity Federation and policy-as-code (OPA/Gatekeeper).

Responsibilities

  • Architect Zero-Trust Infrastructure on Public Cloud: Design and own resilient cloud infrastructure using Pulumi. Establish strict Zero Trust Networking (ZTN) principles and enforce service-to-service authentication with mTLS. Define autoscaling policies and HA networking for Kubernetes (GKE) and serverless workloads that balance security and cost efficiency.
  • Lead Proactive Security & Threat Hunting: Go beyond scanning. Implement threat hunting strategies across our code repositories and CI/CD pipelines. Deploy, tune, and operationalize a SIEM to correlate events across cloud logs, Kubernetes audit trails, and application telemetry.
  • Secure the SDLC & Developer Experience: Own the security toolchain from commit to deploy. Integrate SAST, dependency scanning, and container image scanning (OWASP-aligned) directly into GitHub Workflows and ArgoCD rollouts. Help developers move fast without breaking things by providing secure "golden path" runbooks and dev-containers.
  • Governance, Compliance & Secrets Lifecycle: Drive the technical implementation for SOC 2 and HIPAA compliance. Centralize secrets management and enforce automated certificate rotation. Implement IaC compliance checks to prevent misconfigurations before they reach production.
  • Operationalize Observability & Incident Response: Maintain observability pipelines (Prometheus/Grafana/Cloud Logging) with an eye toward security signal-to-noise. Define actionable SLOs for security controls and lead incident response playbooks for cloud-native threats.
  • Cross-Functional Security Leadership: Partner with backend teams to review architecture for security flaws and scalability. Be the subject matter expert for internal developer platform security.

What This Job Offers

Career Level

Senior

Education Level

No Education Listed

Number of Employees

1-10 employees
