Senior Security Engineer – Cloud & Data Security

About The Position

Requirements

• Minimum 7+ years in Security roles with at least 5+ years focused on Cloud security engineering,IAM, and Data security
• Bachelor’s or Master’s degree in Computer Science, Cyber Security, or a related field.
• Deep technical expertise in cloud architectures AWS/Azure/GCP; including IAM, networking (VPCs, security groups, PrivateLink), and native security services is strongly desired.
• Strong infrastructure-as-code skills—you write Terraform professionally, not just read it.
• Advanced understanding and experience with container security, Kubernetes, and secure CI/CD pipeline design
• Proven ability to demonstrate incident response experience specifically related to cloud-based malicious activity and breach remediation.
• Advanced Cloud IAM expertise: federation, SSO, PAM/JIT access, service identities, and least privilege design.
• Strong background in cloud network security (segmentation, private connectivity, egress controls, WAF).
• Strong proficiency in scripting languages (e.g., Python, Go, PowerShell) for automation, data analysis, and security tooling development.
• Strong knowledge of security platforms such as CNAPP (Wiz), WAF (Cloudflare), SASE (Netskope)
• Demonstrated ability to lead cloud/saas architecture reviews and influence senior engineering stakeholders.

Nice To Haves

• Experience securing data platforms (nice to have) - Snowflake, Databricks, BigQuery etc.
• Experience in high-growth SaaS or data platforms Organizations (nice-to have)
• Prior experience in Platform Engineering, DevSecops or similar (nice to have)
• Certifications (Preferred): Professional-level cloud certifications are required, such as: AWS: Certified Security – Specialty or Solutions Architect – Professional. GCP: Professional Cloud Security Engineer or Professional Cloud Architect. Azure: AZ-500 (Security Technologies) or AZ-305 (Solutions Architect).

Responsibilities

• Architectural Leadership: Partner deeply with infrastructure and engineering teams to embed security into development workflows, leading high-level technical discussions to guide security efforts and strategic priorities.
• Multi-Cloud Engineering: Design, implement, and continuously improve Sigma Cloud Security across AWS, GCP, and Azure environments with architect-level technical depth.
• Threat Modeling & IR: Conduct cloud threat modeling and demonstrate hands-on experience in Cloud Incident Response, including investigating and remediating malicious activity within cloud environments.
• Identity & Access: Build IAM and privileged access strategy (RBAC/ABAC, federation, least privilege, cross-account access), eliminating standing privilege and long-lived credentials. Develop and enforce IAM best practices, including zero-trust models and privileged access controls across IaaS and SaaS.
• Drive cloud data security controls including classification, encryption/KMS, masking/tokenization, access governance, retention/deletion, and exfiltration risk reduction across APIs and data pipelines.
• Develop automated remediation workflows for recurring cloud misconfigurations, drift, and policy violations to reduce manual effort and response time.
• Security Stack Management: Deploy and manage cloud-native services (CSPM, CNAPP, DSPM, SIEM, DLP, WAF, Kubernetes, and container security).
• Network Defense: Review and apply zero-trust principles through strict network segmentation, authentication, and authorization.
• Automation: Develop sophisticated signatures/rules for cloud security and automate detection and response workflows.
• AI : Use AI securely and effectively to scale security practices and improve team efficiency.
• Continuous Evolution: Stay ahead of threats by leveraging intelligence, attack simulation, and red/blue team learnings.

Benefits

• Equity
• Generous health benefits
• Flexible time off policy. Take the time off you need!
• Paid bonding time for all new parents
• Traditional and Roth 401k
• Commuter and FSA benefits
• Lunch Program
• Dog friendly office