Senior Security Engineer

Federato

About The Position

Federato is on a mission to defend the right to efficient, equitable insurance for all. We enable insurers to provide affordable coverage to people and organizations facing the issues of today - the climate crisis, cyber-attacks, social inflation, etc. Our vision is understood and well funded by those behind Salesforce, Veeva, Zoom, Box, etc. Federato is the only AI-native platform that spans the full policy lifecycle and changes the way insurance work gets done. Better decisioning is built-in, not bolted on: insurers' unique portfolio goals, strategies, rules, and appetite are part of the workflow so underwriters win the right deals, faster. From the moment a submission hits an underwriter’s inbox, AI is put to work, triaging submissions with a focus on high-appetite business, delivering real-time feedback on the portfolio, and consolidating workflows into a single proven system. Federato drives better business outcomes.

Requirements

5+ years of hands-on experience managing cloud infrastructure and automation.
Experience in achieving SOC2 Type II, ISO 27001, or similar certifications
Experience with Node.js or Python for backend services in a microservices architecture.
3+ years of experience with cloud providers, preferably Google Cloud Platform (GCP).
Solid experience with cloud security on GCP or AWS, including IAM, Kubernetes, and IaC.
Knowledge of asynchronous processing, message queues (e.g., Kafka, Pub/Sub), and event-driven architecture for backend applications.
Experience focused on the internal engineer team success

Responsibilities

Contribute to our application security program. Work with our SAST, DAST, and SCA tooling, triage and prioritize vulnerabilities, and partner with engineering teams to drive remediation. Participate in threat modeling and secure design reviews on new products and services.
Share incident response on-call. Investigate, contain, and resolve security incidents alongside the rest of the team. Help refine our runbooks, detection coverage, and post-incident process.
Help harden our cloud and Kubernetes environment. Contribute to security posture across GCP and GKE: IAM and least-privilege, secrets management, container and supply chain security, and IaC guardrails (Terraform).
Build detections and security automation. Engineer high-signal detections from cloud, identity, and application telemetry. Automate the toil of vuln triage, access reviews, SaaS posture, questionnaire workflows so the team scales.
Streamline customer security work. Help respond to customer security questionnaires and audits, and build internal tooling and a knowledge base so this scales as deal volume grows.
Strengthen business continuity and DR. Help assess threats to continuity, contribute to DR plans, and run real exercises against them.
Help drive a security culture across engineering. Pair on developer training, secure-coding guidance, and standards work to make the secure path the easy path.