Staff Security Engineer

About The Position

Requirements

• 12+ years of hands-on experience in enterprise security engineering or corporate information security — specifically securing employee-facing systems, endpoints, identities, and internal infrastructure (not product or application security).
• Proficiency in at least one programming language, used in a security context — writing production-quality automation, integrations, or internal tooling (the team primarily uses Go; Python is also common).
• Experience architecting and integrating enterprise security platforms — designing API integrations, automating workflows, and building tooling that extends platform capabilities across domains such as EDR/XDR, MDM, IAM/IGA, DLP, SaaS security, cloud security, or PKI.
• Experience designing and building security telemetry pipelines and detection infrastructure — log ingestion, normalization, SIEM integration, and alerting architecture.
• Experience leading cross-functional security engineering projects — defining scope, driving execution, and aligning stakeholders across Engineering and IT.
• Track record of conducting security architecture reviews and translating findings into actionable, risk-prioritized remediation plans.
• Experience evaluating security posture and identifying systemic gaps, with a bias toward building durable solutions rather than one-off fixes.

Nice To Haves

• Experience with Zero Trust architecture and identity-centric security models (BeyondCorp-style or similar).
• Familiarity with NIST CSF, MITRE ATT&CK, and CIS Benchmarks as engineering inputs — used to inform what to build and how to validate it, not just as compliance checkboxes.
• Hands-on AWS security experience (SCPs, GuardDuty, Security Hub, IAM, etc.) and familiarity with integrating cloud security signals into a corporate security platform.
• Experience with applied cryptography and PKI in a production enterprise environment — certificate lifecycle management, CA design, or secrets management.
• Familiarity with securing AI/ML platforms or applications built on LLMs, RAG pipelines, or MCP-based architectures.
• Security certifications such as CISSP, GCED, GREM, or similar (valued but not required).

Responsibilities

• Own the architecture and implementation of Aurora's enterprise security controls — designing the systems and integrations that protect Aurora's endpoints, identities, internal infrastructure, and SaaS environment.
• Design and build Aurora's security telemetry and detection infrastructure, including log pipelines, SIEM integrations, and alerting frameworks — in partnership with the Security Operations Engineer who owns ongoing tuning and rule development.
• Define and enforce enterprise security standards, conducting architecture and design reviews to ensure alignment with Aurora's security posture and risk tolerance.
• Partner with IT, Infrastructure, and Engineering teams to embed security requirements early — shifting left on corporate IT initiatives before they become technical debt.
• Build automation and tooling that extends the capabilities of Aurora's security platforms, reduces manual operational burden, and scales the team's impact.
• Serve as the escalation point for enterprise security incidents requiring engineering-level investigation or remediation, and participate in the team's on-call rotation.
• Translate security strategy into concrete, executable engineering projects with clear milestones and measurable outcomes.

Benefits

• annual bonus
• equity compensation
• health insurance
• dental insurance
• vision insurance