Lead - Cloud Security Engineer

Company Description

Organizations everywhere struggle under the crushing costs and complexities of “solutions” that promise to simplify their lives. To create a better experience for their customers and employees. To help them grow. Software is a choice that can make or break a business. Create better or worse experiences. Propel or throttle growth. Business software has become a blocker instead of ways to get work done.

There’s another option. Freshworks. With a fresh vision for how the world works.

At Freshworks, we build uncomplicated service software that delivers exceptional customer and employee experiences. Our enterprise-grade solutions are powerful, yet easy to use, and quick to deliver results. Our people-first approach to AI eliminates friction, making employees more effective and organizations more productive. Over 72,000 companies, including Bridgestone, New Balance, Nucor, S&P Global, and Sony Music, trust Freshworks’ customer experience (CX) and employee experience (EX) software to fuel customer loyalty and service efficiency. And, over 4,500 Freshworks employees make this possible, all around the world.

Fresh vision. Real impact. Come build it with us.

Job Description

As the Lead Cloud Security Engineer, you will be the primary driver for securing our AWS cloud ecosystem. You will architect, implement, and manage our cloud security framework, ensuring the protection of our infrastructure, applications, and data. This role requires a hands-on expert who can lead complex security initiatives, provide strategic consultation on secure architecture, and mentor engineers on security best practices to fortify our overall security posture.

Key Responsibilities:

• Cloud Security Strategy: Lead the continuous enhancement of our AWS security posture by identifying risks, implementing mitigation strategies, and managing cloud security policies.

• Secure Architecture & Implementation: Architect and implement robust security controls for our cloud infrastructure. Provide expert consultation on secure design for services like EC2, S3, RDS, Lambda, and containerized environments.

• Automation & Policy as Code: Develop and manage security policies and infrastructure using Infrastructure as Code (Terraform/CloudFormation) and automate security operations using Python (Boto3).

• Identity & Access Management (IAM): Own the IAM strategy, including the management of roles, permissions, access controls, and secrets management to enforce the principle of least privilege.

• Compliance & Governance: Implement and maintain controls to ensure our cloud environment is compliant with global security and privacy standards (e.g., SOC 2, ISO 27001).

• Security Leadership: Lead new security initiatives from conception to completion and act as a key advisor and mentor to Product and DevOps engineers on security best practices.

Qualifications

Core Experience:

• 7-9 years of dedicated experience within the information security domain.

• Proven track record of designing, implementing, and managing security for a large-scale AWS environment.

• Hands-on experience in a DevOps, SRE, or SecDevOps role is highly preferred.

• Experience working in a global SaaS-based product environment is a significant plus.

Technical Proficiency (Required):

• Cloud Platform: Expert-level knowledge of AWS and its core services (e.g., IAM, EC2, S3, RDS, Lambda, VPC, Security Groups, KMS).

• Infrastructure as Code (IaC): Expert, hands-on proficiency with Terraform or CloudFormation.

• Automation & Scripting: Expert proficiency in Python and the Boto3 library for AWS automation.

• Container & Serverless Security: Strong experience with securing Docker, Kubernetes, and serverless architectures.

• Operating Systems & Networking: Deep understanding of Linux/UNIX, Active Directory, and common network protocols (TCP/IP, DNS, HTTP/S).

Security Expertise:

• Security Fundamentals: Deep knowledge of least privilege, vulnerability management, threat modeling, and common attack vectors.

• Identity & Data Security: Expertise in implementing and managing IAM policies, SSO, KMS, secrets handling, and data encryption.

• Vulnerability Management: Solid understanding of application, infrastructure, and network vulnerabilities and their mitigation.

Core Competencies:

• Problem-Solving: Exceptional critical thinking, analytical, and decision-making skills.

• Leadership & Influence: Ability to lead security initiatives and mentor other engineers effectively.

• Communication: Excellent written and verbal communication skills, with the ability to articulate complex technical concepts to diverse audiences.

Preferred Skills & Experience:

• Published contributions to the security community (e.g., blog posts, open-source tools).

• Experience presenting at security conferences or industry events.

• Direct experience working with compliance, privacy, or IT audit functions.

Additional Information

At Freshworks, we are creating a global workplace that enables everyone to find their true potential, purpose, and passion irrespective of their background, gender, race, sexual orientation, religion and ethnicity. We are committed to providing equal opportunity for all and believe that diversity in the workplace creates a more vibrant, richer work environment that advances the goals of our employees, communities and the business.