Security Engineer

About The Position

Requirements

• 5+ years of experience in security engineering, product security, cloud/platform security, or closely related roles
• Strong hands-on experience securing cloud environments (AWS and Azure)
• Comfortable owning technical security problems end-to-end in fast-moving environments
• Hands-on experience with product/application security in engineering environments (secure design reviews, threat modeling, code-level risk discussions)
• Experience operating AppSec tooling and processes at scale (SAST, SCA, secrets, IaC scanning)
• Strong vulnerability triage and remediation management experience, including risk-based prioritization and SLAs
• Experience with CNAPP (or equivalent cloud security platforms) and tuning findings for engineering actionability
• Working knowledge of Kubernetes/container security in production systems
• Ability to partner with developers and platform teams to ship secure defaults without blocking delivery
• Comfortable writing scripts and automations to improve security reliability and scale
• Experience in incident response, investigation, and post-incident hardening in cloud-native environments
• Familiar with SOC 2 requirements and comfortable implementing technical controls to support compliance
• Security-minded, detail-oriented, and a proactive communicator in remote-first teams

Nice To Haves

• Multi-cloud experience beyond AWS (e.g., Azure/GCP/OCI)
• Offensive security/pentesting background and ability to convert findings into durable engineering fixes
• Experience scaling security at a startup from early stage to audit-ready maturity
• Relevant security certifications (e.g., OSCP, OSCE, AWS Security Specialty, Kubernetes security certs)
• Proficient with identity and access systems (Okta, Google Workspace, cloud IAM) and access lifecycle management

Responsibilities

• Design and implement security controls across cloud, infrastructure, and internal platforms
• Partner with engineering to harden cloud architecture, IAM, and infrastructure
• Own product security reviews for new features, services, and major architecture changes
• Drive threat modeling and secure design decisions early in the SDLC
• Operate and improve AppSec workflows (SAST, SCA, secrets scanning, IaC scanning)
• Triage vulnerabilities across application, container, and cloud findings, and drive remediation with risk-based SLAs
• Define and run the vulnerability management lifecycle: intake, prioritization, exception handling, validation, and reporting
• Improve CNAPP coverage and finding quality across cloud accounts and workloads
• Improve Kubernetes and container security posture
• Monitor, investigate, and respond to security events and incidents
• Build automation to improve security operations, access workflows, and incident response
• Support the compliance function by implementing and maintaining technical controls for SOC 2 and ISO 27001, and by documenting security processes, playbooks, and policies that scale with the company.
• Support the IT team with timezone coverage for core operational security tasks, including SaaS administration (Okta, Google Workspace, 1Password), onboarding/offboarding workflows, and endpoint access management (MDM, VPN, and secure device provisioning) for a fully remote team.

Benefits

• Compensation & Equity: Competitive salary, clear performance-based incentives, and equity package, making you an integral part of XBOW’s growth story.
• Career Growth: Significant opportunities to progress within the sales organization and shape your career trajectory as we scale.
• Meaningful Work: You’ll directly impact XBOW’s mission to revolutionize cybersecurity and protect organizations worldwide.