Staff Cloud Security Engineer

XometryNorth Bethesda, MD
$180,000 - $200,000Hybrid

About The Position

Xometry is looking for a Staff Cloud Security Engineer to own our cloud security posture and runtime detection capabilities. This is a high-impact, individual contributor role focused on ensuring our live cloud environments and containerized workloads are hardened, continuously monitored, and generating the right signals for our security operations function. This role is about detection architecture, posture management, and runtime visibility. You will be the primary owner of our CrowdStrike platform, working closely with our MDR providers to ensure alert fidelity, tuning, and appropriate escalation. You will also evaluate and potentially implement a cloud SIEM. This isn’t a role where you watch dashboards and write tickets. You’ll be the person who defines how we detect threats, decides how we respond to them, and has the autonomy to fix what you find. If you’re tired of maintaining legacy tooling, navigating slow change management processes, or writing findings that disappear into a backlog, this is the opposite of that. We’re a SaaS-first company running a modern, cloud-native stack. We ship fixes, not tickets.

Requirements

  • Minimum 8 years of experience in cloud security, security engineering, or a related infrastructure security discipline.
  • Hands-on experience with a cloud security posture management (CSPM) platform — CrowdStrike, Wiz, Prisma Cloud, Orca, or equivalent. Prior CrowdStrike experience is a plus but not required.
  • Deep familiarity with AWS security architecture: IAM/SCP policy design, VPC networking, security groups, CloudTrail, and cloud-native security controls. GCP or Azure experience considered in lieu of AWS for strong candidates willing to expand into AWS.
  • Proficiency with infrastructure as code (IaC) tools such as Terraform, OpenTofu, or CloudFormation, with an understanding of how to enforce security standards within IaC workflows.
  • Strong Python and shell scripting skills for security automation, detection rule development, and tooling integration.
  • Must be a US Citizen or legal permanent resident (Xometry handles ITAR-controlled data).

Nice To Haves

  • AWS GovCloud experience.
  • Hands-on Kubernetes security experience: securing and managing production clusters, including Network Policies, RBAC, and Admission Controllers.
  • Experience with cloud-native SIEM solutions, including writing detection rules in Python or SQL.
  • Experience securing microservices architectures, including service mesh security (Istio or Linkerd).
  • Bachelor’s degree in Computer Science, Information Security, or a related field

Responsibilities

  • Own CrowdStrike Falcon configuration, ensuring policies are appropriately scoped, tuned, and generating actionable alerts.
  • Partner with MDR to define alert routing, triage thresholds, and escalation logic, ensuring the right signals reach the right team.
  • Monitor cloud environments (primarily AWS) for security posture drift: misconfigured IAM roles, overly permissive security groups, exposed storage, and non-compliant resource configurations.
  • Secure Kubernetes clusters and containerized workloads: manage Network Policies, RBAC, Admission Controllers, and runtime detection for anomalous container behavior.
  • Develop and enforce cloud security policies and standards for AWS infrastructure, ensuring secure and scalable deployments align with organizational risk posture.
  • Evaluate and lead the implementation of additional detection tooling, including cloud SIEM platforms, designing detection rules and alerting pipelines.
  • Manage infrastructure as code (IaC) security using Terraform or OpenTofu — ensuring IaC definitions meet security standards before deployment.
  • Automate security posture checks and detection workflows using Python and shell scripting.
  • Stay current with the evolving cloud threat landscape and translate emerging threats into detection coverage or posture improvements.

Benefits

  • 401(k) match
  • medical, dental and vision insurance
  • life and disability insurance
  • generous paid time off including vacation, sick leave, floating and fixed holidays
  • maternity and bonding leave
  • EAP
  • other wellbeing resources
© 2026 Teal Labs, Inc
Privacy PolicyTerms of Service