Security Cloud Engineer

About The Position

Requirements

• A minimum of 5 years of experience in security engineering and architecture at a senior level, with a track record of operating from first principles and building security for systems without established playbooks.
• Possess a deep understanding of cloud-native architecture at the identity, networking, and data-protection levels (specifically AWS or equivalent).
• Proficiency in writing production-grade Python, Terraform, or TypeScript to prototype controls, script policy checks, and review AI-generated code.
• Demonstrated default to leverage, preferring automation by systems or agents over repeatable human tasks.
• Ability to earn trust through rigorous logic and influence rather than authoritative mandate.

Responsibilities

• Design-Time Threat Modeling: Collaborate alongside product and platform engineers to map new agent types, multi-agent workflows, and AI toolkits while architecture is still fluid to shape trust boundaries and threat models at design time.
• Agentic Security Primitives: Define the primitives necessary to make systems safe at enterprise scale, addressing unsolved problems regarding delegation models, multi-agent trust chains, data minimization in RAG workflows, and identity boundaries across customer-built agents.
• Architectural Hardening: Own outcomes for complex security areas, ranging from hardening Kubernetes or AWS Bedrock controls to designing trust boundaries for MCP integrations and tackling zero-day risks.
• Golden Path Engineering: Design policy-as-code and CI/CD controls for agent-assisted workflows to engineer secure defaults that act as velocity multipliers, enabling flawless engineering movement without routing around security.
• Structural Improvements: Lead the effort to detection, respond, and mutate architecture following control failures to turn incidents into structural improvements that prevent recurrence.
• Knowledge Codification: Maintain the security playbook for next-generation paradigms by producing opinionated guides, reference repositories, and posture telemetry that compounds over time.

Benefits

• Competitive compensation packages
• Restricted Stock Units (RSU)
• Paid vacation and sick time
• Paid volunteer and mental health days
• Up to 26 weeks paid parental leave including a post-partum night nurse
• 16 Company holidays (includes 2 floating holidays)
• RRSP with 6% company match
• Employer provided Supplemental medical, dental, disability & life coverage
• Comprehensive support and access to care for everyone, everywhere through Carrot - our global reproductive health and family-building benefit