Staff Cloud Security Engineer

About The Position

Requirements

• 7+ years in cloud security or cloud-focused application/infrastructure security, with a hands-on engineering background.
• Proven track record translating complex findings into technical and executive-level debriefs. Excellent written and verbal communication is essential.
• Deep AWS expertise; IAM, STS, Organizations, SCP, GuardDuty, CloudTrail, EKS, IRSA, and demonstrated ability to map cross-account attack paths.
• Azure expertise; Entra ID, Conditional Access, RBAC, Activity Logs, Defender for Cloud, AKS, Workload Identity, including cross-tenant and hybrid-identity attack patterns.
• Working knowledge in GCP, IAM, Org Policy, Audit Logs, GKE Workload Identity.
• Working knowledge of cloud-native runtime security, eBPF telemetry, container runtime behavior, and how to spot a workload doing something it shouldn't.
• Kubernetes security at depth (RBAC, admission control, OPA/Gatekeeper, PSS) and IaC review across Terraform, Helm, CloudFormation, and Bicep.
• Comfortable triaging output from AI-assisted cloud-posture and attack-path tools, able to separate risk from noise.
• Cloud incident response and log forensics experience across at least two major cloud providers.

Responsibilities

• Lead Wayfinder Frontier AI Services cloud-domain workstreams end-to-end across customer engagements, proactive reviews, compromise assessments, and post-incident hardening.
• Review and triage cloud security findings from our agentic scanning pipeline, validate true positives, eliminate noise, ground exploitability in the customer's actual cloud environment, and ensure every finding that reaches the customer is a decision they can act on.
• Conduct deep IAM, network, and identity reviews across AWS, Azure, and GCP.
• Lead cloud-native attack path discovery and document exposures and remediation.
• Demonstrated ability to defend findings under pressure with senior customer stakeholders, excellent written and verbal communication is non-negotiable for this role.
• Maintain continuous awareness of cloud-native attack techniques, pure-cloud ransomware, Entra, K8s attacks, OAuth-app abuse, etc.

Benefits

• Restricted Stock Units (RSUs)
• Employee Stock Purchase Plan (ESPP)
• Flexible time off
• Paid company holidays and paid sick time
• Gender-neutral parental leave
• Grandparent leave
• Medical, dental, and vision coverage
• 401(k) retirement plan with company match
• Life and disability insurance
• Health and dependent care FSA
• Voluntary benefits (hospital, accident, critical illness)
• Employee Assistance Program (EAP)
• ARAG pre-paid legal
• Nationwide pet insurance
• Cancer Care program
• Global business travel medical insurance
• Home office allowance
• Mobile phone reimbursement
• Wellness coach
• Wellness/gym reimbursement
• Fertility coverage
• Adoption & surrogacy reimbursement