Senior Information Security Engineer

MX | Lehi, UT
1d | Hybrid

About The Position

We are driven by our moral imperative to advance mankind - and it all starts with our people, product and purpose. We always carry a deep sense of drive and passion with us. If you thrive in a challenging work environment, surrounded by incredible team members who will help you grow, MX is the right place for you. Come build with us and be part of an award-winning company that’s helping create meaningful and lasting change in the financial industry.

The Senior Security Engineer is a senior individual contributor role focused on being the primary hands-on builder, technical lead, and implementer of MX's security program. This position is designed for a self-starting technical lead with deep execution expertise in ubiquitous shift-left security, application protection, and automated risk reduction. In addition to the focus on shift-left security, this role will have Web Application and API Protection (WAAP) and Network Security focuses to drive widespread adoption of secure practices across engineering teams.

Reporting directly to the Director of Security Architecture and Engineering, and working closely with Cloud & Product Security Architecture to execute defined designs, the Senior Security Engineer leads the deployment, automation, and maturation of security controls at scale. They serve as the go-to technical expert for implementation, troubleshoot complex issues, mentor engineers organization-wide, and champion best practices to embed security deeply into infrastructure, platforms, and application workflows. This role influences Cloud Engineering, DevOps, Platform, Application Development, and Security Operations teams to operationalize secure-by-design principles while maintaining alignment with compliance and risk requirements.

Requirements

  • 7+ years of progressive hands-on experience in application security, cloud security engineering, or DevSecOps at scale.
  • Expert-level implementation experience with Fastly Next-Gen WAF (Signal Sciences) and Cequence Unified API Protection (or equivalent tools).
  • Expert in Terraform for secure infrastructure-as-code; strong experience with policy-as-code (OPA/Rego).
  • Deep hands-on expertise with CNAPP/CSPM platforms (CrowdStrike Horizon, Prisma Cloud) and cloud-native detection tools.
  • Proven ability to operate in multi-cloud environments with a strong grasp of Zero Trust, identity, and secure workload patterns.
  • Experience building and automating controls in regulated environments such as SOC 2, PCI DSS, or ISO 27001.
  • Excellent communication and influence skills: able to teach, persuade, and enable engineers at all levels.
  • Track record of mentoring others and driving adoption of best practices across organizations.
  • Experienced Incident Responder with a proven history of leading security incidents such as those related to credential leaks or credential stuffing attacks from beginning to end.

Responsibilities

  • Application & API Security: Serve as the primary hands-on builder for Fastly Next-Gen WAF (Signal Sciences) across all production environments to mitigate web-based attacks with low false positives.
  • Lead the deployment and tuning of Cequence Unified API Protection for API discovery, behavioral abuse detection, and real-time runtime enforcement.
  • Standardize API security patterns across the organization, ensuring deep visibility into shadow APIs and automated blocking of malicious traffic.
  • Partner with application teams to integrate threat modeling and security requirements into the design phase of new features.
  • Detect and prevent credential-stuffing attacks, ensuring Security Engineering is First-To-Know (FTK).
  • Enterprise CI/CD Security & Shift-Left Enforcement: Implement and mature policy-as-code frameworks (OPA/Rego or equivalents) tied to organizational guardrails.
  • Enforce strict CI/CD quality gates that block critical and high-severity vulnerabilities from reaching production using SAST/SCA tools like Snyk, Semgrep, or CodeQL.
  • Drive integration of security scanning tools (IaC, containers, secrets, dependencies, SBOM) into CI/CD pipelines and evangelize shift-left practices to development teams.
  • Train and enable engineers to build securely from the start, reducing misconfigurations at the source.
  • Web App & API Protection (WAF & Firewall with IPS/IDS): Deploy and manage AWS Network Firewall & Suricata IPS/IDS rules (or similar, e.g., PAN) as code through Terraform to protect ingress, egress, and east-west traffic.
  • Implement and maintain advanced network security controls, including VPC Service Controls and hierarchical policies.
  • Develop and tune detection rules for Network Security Services, partnering with the SIEM owner; support threat hunting and incident investigations.
  • Container & Kubernetes Security: Implement and enforce security controls for Kubernetes clusters (EKS, GKE, or self-managed), including cluster hardening, admission controls, and network policies.
  • Drive system hardening across container layers: secure base images, runtime protection (e.g., CrowdStrike), image signing/verification, and vulnerability management.
  • Integrate container security scanning (image vulnerability, misconfiguration, SBOM) into build pipelines; enforce runtime protections and least-privilege for workloads.
  • Develop and automate guardrails for Kubernetes configurations using tools like CrowdStrike, OPA/Gatekeeper, or Kyverno to prevent insecure deployments.
  • Secrets Management & Secret Hygiene: Enforce a strict "zero-secrets-in-code" policy through pre-merge blocking using tools like GitGuardian, TruffleHog, or Gitleaks.
  • Lead the migration of legacy secrets to centralized stores such as HashiCorp Vault, AWS Secrets Manager, or Sealed Secrets.
  • Software Supply Chain Security: Standardize SBOM (Software Bill of Materials) generation for all internal and third-party software artifacts.
  • Implement the SLSA framework (or similar) to ensure the integrity of build pipelines and artifact provenance.
  • Deploy artifact signing and verification using Sigstore/Cosign (or similar) to ensure only trusted code runs in production.
  • Govern dependency usage to proactively block compromised or "typosquatted" packages from entering the ecosystem.
  • System & Host Hardening (CIS & Golden Images): Standardize the creation of "Golden Images" (AMIs/Base Images) based on CIS Benchmarks for all compute resources.
  • Eliminate configuration drift by implementing automated remediation workflows for non-compliant hosts.
  • Deploy and manage host-based security telemetry (CrowdStrike Falcon) across the entire fleet.
  • Scale immutable infrastructure patterns that remove the need for manual system patching.
  • Cloud & Infrastructure Security: Translate architectural designs into production-ready deployments using Terraform, automation, and repeatable processes.
  • Lead deployment and management of CrowdStrike Falcon Complete (CSPM/CNAPP) for posture management, misconfiguration remediation, and drift detection.
  • Enforce cloud governance standards through automated baselines, templates, and least-privilege controls across all accounts.
  • Prototype and validate new controls or tools to accelerate organizational rollout.
  • Deploy Just-In-Time (JIT) identity systems and enforce the principle of least privilege.
  • Accomplish task-based, short-lived access, eliminating the need for standing privileges.
  • Experience enforcing Principle of Least Privilege (PoLP) on non-human identities (NHI).

Benefits

  • Our Utah office features onsite perks such as company-paid meals, massage therapists, a sports simulator, gym, mother’s lounge, and meditation room and meaningful interactions with amazing people.