Cloud Security Engineer

About OleriaOleria provides adaptive and autonomous identity security solutions that help organizations accelerate at the pace of change, trusting that their data is protected. Oleria enables organizations to have comprehensive visibility into their access posture and autonomously identifies and mitigates access risks before they can be exploited. Founded by cybersecurity industry veterans with decades of experience building and operating some of the world's largest security programs, Oleria allows organizations to pursue their best ideas, removing the barriers that keep team members from collaborating. Oleria has received over $43M in funding from Evolution Equity Partners, Salesforce Ventures, Tapestry VC, Zscaler, and other technology luminaries. Oleria sets business free. For more information, please visit www.oleria.com and follow Oleria on LinkedIn and Twitter.
Oleria was founded by notable industry senior leaders Jim Alkove and Jagadeesh Kunda, with deep security, data, and SaaS experience building and securing some of the world’s largest platforms and products used by billions of people worldwide every day. Our customers are Fortune 500 corporations and public sector organizations, making your contributions vital to improving data security for millions worldwide. We are proud to be recognized as a Best Place to Work and Best Startup to Work For by Built In Seattle!
About The JobOleria is hiring a Cloud Security Engineer to join the Security team. This new role provides an exciting opportunity for an experienced AWS Cloud security professional to make an impact and lead Oleria security initiatives across the enterprise. Reporting to the VP of Security, this role requires frequent collaboration with development teams to ensure secure infrastructure and architectural principles are integrated across the SDLC. The person in this role will also provide vulnerability remediation guidance, develop and nurture a partnership model between the Information Security team and Software Development teams, and participate in security activities such as tuning existing toolsets and managing inventory of software assets.

Job Responsibilities

• Build automation, policy-as-code, and security tooling that enables development teams to "shift left" and integrate end-to-end security into their workflows
• Design and implement secure baselines for cloud resources based infrastructure
• Implement Security fixes in the product to meet the SLAs.
• Drive vulnerability management and remediation efforts – prioritizing issues, implementing mitigations, and designing strategic preventative controls in software supply chains from development through production
• Extend our detection and response capabilities – building scalable solutions to identify malicious activity, triage alerts, and investigate and remediate incidents
• extending our DevSecOps and Product Security practices to Oleria  FedRAMP environment and ensure it meets key security requirements
• Act as security advisor to SWE, which includes triaging security vulnerabilities, illustrating common exploits, assessing reachability from an attacker’s perspective, and assisting with remediation of agreed upon priorities
• Build relationships with software engineers to illustrate the ‘how’ and ‘why’ behind vulnerability remediation strategies
• Work with architects and software engineers to review and design security requirements for new software features and the maintenance of current software
• Work with Risk & Compliance teams on ISO 27001, SOC2, PCI-DSS,  and other audits as needed.
• Integrates 3rd-party testing solutions into CI/CD pipelines and development cycles
• Define security guardrails through automated tool policies, SLAs, custom rules.
• Excellent communication skills: verbal, written, and presentational
• Ability to present to various levels of stakeholders on metrics created within security analysis tools to guide AppSec program strategy
• Ability to document and track work based on initiatives set by senior leadership

Required Experience

• We are seeking individuals with at least 3 to 5 years of experience as an AWS Security Practitioner as well as 3-5 years of previous experience in software engineering in startup  environments
• Experience with AWS security principles.
• Experience in Infrastructure as code (Terraform, Cloudformation, Helm). Bonus if you have experience with Pulumi.
• Experience with Docker, Lambda and serverless security
• Deep understanding on security API at scale
• Experience working within frameworks and guidelines such as ISO 27001 and the OWASP Top 10 .
• Experience integrating 3rd- party and/or custom security testing solutions into CI/CD pipelines
• Experience with tuning and managing security testing tools such as Wiz, Crowdstrike
• Experience withThreat modeling
• Bachelor’s Degree in Computer Science, Information security OR related professional experience

Preferred Experience

• Strong AWS cloud security experience
• Proven ability to lead technical security reviews of products and architectures, conduct threat modeling exercises, and translate findings into actionable security controls
• Any experience or interest in Cloud Security, IAC, container security, or AI security
• A passion for cross-departmental education and communication
• Interest in how security can inform business processes, whether by driving revenue or cutting costs
• Experience working in organizations that develop software and/or operate managed infrastructure and technology services for their own customers

What We Offer

• Competitive salary, equity, and benefits package.
• Opportunities for professional growth and advancement in a fast-growing company.
• The chance to work directly with our co-founders and contribute meaningfully to shaping the company’s direction.
• A collaborative and dynamic work environment with a dedicated team of professionals.

We use standardized software engineer titles: Software Engineer, Senior Software Engineer, or Principal Software Engineer. Your specific title will be determined upon hiring. We do not use specialized titles like "Backend Engineer" or "Frontend Engineer".