Security Engineer - Vuln Management (Infra)

Replit | Foster City, CA
$210,000 - $270,000 | Hybrid

About The Position

Replit is seeking a mid-level Infrastructure Vulnerability Management Engineer with a strong background in Cloud Security, DevSecOps, and Infrastructure-as-Code (IaC). This role involves collaborating with security, compliance, DevOps, and Platform engineering teams to identify infrastructure misconfigurations, secure multi-cloud environments, and manage continuous vulnerability lifecycles across cloud workloads, containers, and data repositories to meet strict regulatory compliance frameworks. The engineer will also act as a technical infrastructure responder during security incidents, implementing real-time countermeasures to protect the production ecosystem.

Requirements

  • 5 years of experience in Cloud Security, DevSecOps, or Systems Engineering roles.
  • Strong foundational experience working with multi-cloud environments (deep GCP expertise preferred, with working knowledge of AWS or Azure).
  • Hands-on experience operating modern infrastructure security platforms such as Wiz, Orca, Prisma Cloud, Lacework, or cloud-native options (GCP Security Command Center).
  • Strong proficiency with Infrastructure as Code platforms (Terraform, Pulumi) and GitOps deployment workflows.
  • Ability to evaluate and configure IaC scanners like Checkov, Tfsec, or KICS.
  • Deep understanding of Docker/container security and Kubernetes architectures (e.g., GKE, EKS), including runtime security, network policies, and workload identity.
  • Understanding of how infrastructure configurations and vulnerability management map to security compliance frameworks like SOC 2, ISO 27001, CIS Benchmarks, or NIST.

Nice To Haves

  • Systems Thinking: The ability to see the "big picture" and understand how security decisions impact the entire stack.
  • Technical Influence: The ability to drive technical alignment across the organization through expertise and collaboration rather than direct authority.
  • Autonomy: Comfortable leading major technical initiatives and driving outcomes with minimal oversight.
  • Problem-Solving Mindset: A passion for breaking down complex security challenges into elegant, scalable engineering solutions.

Responsibilities

  • Perform continuous security scanning across cloud posture and workloads, reviewing, validating, and prioritizing flaws and misconfigurations.
  • Own and optimize Cloud Security Posture Management (CSPM), Kubernetes Security Posture Management (KSPM), and Data Security Posture Management (DSPM) tools.
  • Configure, tune, and embed automated IaC security scanning tools into CI/CD pipelines to identify architectural risks.
  • Manage the continuous vulnerability scanning lifecycle for container images, registries, and Virtual Machines (VMs), and partner with SRE and Platform teams on automated patching and upgrade pipelines.
  • Track, document, and manage infrastructure vulnerabilities according to compliance SLAs (e.g., SOC 2, ISO 27001, PCI-DSS).
  • Escalate and report critical production exposures to CISO and senior leadership, maintaining dashboards and alerting mechanisms.
  • Partner with SRE, DevOps, and Platform teams to provide clear infrastructure mitigation paths and assist in modifying cloud configuration templates.
  • Assist Incident Response teams during active cloud or host-level breaches by developing and implementing immediate countermeasures.

Benefits

  • Competitive Salary & Equity
  • 401(k) Program with a 4% match (US Only)
  • Health, Dental, Vision and Life Insurance
  • Short Term and Long Term Disability
  • Paid Parental, Medical, Caregiver Leave
  • Flexible Time Off (FTO) + Holidays
  • Commuter Benefits (In-Office Only)
  • Monthly Wellness Stipend
  • Autonomous Work Environment
  • In Office Set-Up Reimbursement (In-Office Only)
  • Quarterly Team Gatherings
  • In Office Amenities (In-Office Only)