Senior Product Security Engineer

We are seeking a Senior Product Security Engineer to join our Cloud Engineering Services team. This is a unique opportunity to make a meaningful impact by securing large-scale cloud infrastructure and foundational cloud services. In this highly cross-functional role, you will collaborate closely with product engineering and infrastructure teams to safeguard microservices and infrastructure operating in public cloud environments. You will play a key role in enhancing the security posture of services built on Kubernetes and other distributed technologies, ensuring resilient and secure deployments at scale.

What you will be doing:

• Engage with product engineering teams to conduct security reviews of services and new product features. Utilize threat modeling techniques to identify potential security risks and security controls to mitigate these risks.

• Design and implement security controls to protect the cloud infrastructure, Kubernetes clusters, and the services that run on them.

• Assess security findings identified by various scanning tools, and guide product engineering teams on the identified risks and the mitigation strategies.

• Develop tooling to automate security tasks, including integrating tools and processes into CI/CD pipelines for proactive vulnerability detection and remediation

• Create alerts for threat detection and other notable events to monitor the infrastructure and services.

• Collaborate with multiple business units, vendors, and engineering teams on security and compliance certifications, such as PCI and SOC2.

What we need to see:

• Bachelor’s or Master’s degree in Computer Science, Engineering, or related field.

• 5+ years of hands-on experience in designing and building security controls to support large-scale, fault-tolerant distributed services.

• 5+ years of experience with programming in Python or similar languages.

• Strong experience with cloud infrastructure platforms like AWS, Azure, or Google Cloud.

• Expertise in cloud security, container security, application security, and performing security code reviews.

• Proficiency in Infrastructure as Code and Configuration Management tools like Terraform.

• Proficiency in security principles, encryption algorithms, hashing, and digital signatures to protect data in transit and at rest.

Ways to stand out from the crowd:

• Background in application security, authentication, and authorization protocols and standards.

• Experience in conducting penetration testing and vulnerability assessments.

• Proficiency in various monitoring tools such as Prometheus, Grafana, Cloudwatch, and Thanos.