Senior Security Engineer

As a Senior Security Engineer, you'll harden the security posture of our AWS environment and our software development pipeline. Cloud Security and vulnerability management in Wiz are the primary focus.

You'll partner with DevOps, Engineering, and our Application Security Engineer to build preventative controls across infrastructure, identity, and CI/CD. The work is hands-on: configuring tooling, reviewing architecture, hardening pipelines, and supporting application security work where your range is needed.

• →Own cloud security posture across our AWS environment using Wiz and AWS-native services, reducing risk across IAM, network segmentation, container security, secrets, and data exposure.
• →Establish secure defaults in our Infrastructure as Code through reusable modules, guardrails, and policy as code.
• →Harden CI/CD pipelines in partnership with DevOps.
• →Run vulnerability management across cloud and application findings: intake, prioritization, SLA tracking, and remediation with engineering.
• →Build automation that scales the program: ingestion, deduplication, prioritization, and developer-facing workflows.
• →Instrument telemetry, alerting, and runbooks for the systems you own.
• →Operate and tune our WAF: managed and custom rules, rate limiting, and bot mitigation.

• 5+ years of hands-on security engineering across cloud security and vulnerability management.
• Strong AWS security background: IAM, networking, container orchestration, and logging and audit.
• Hands-on experience securing CI/CD pipelines and Infrastructure as Code; Terraform required.
• Experience running or substantially contributing to a vulnerability management program.
• Working knowledge of OWASP Top 10 and threat modeling.
• Operates independently and drives projects without day-to-day oversight.

• Experience with our stack: Wiz, Cloudflare (WAF, Gateway, Zero Trust), GitHub Advanced Security, Spacelift, and AWS-native services.
• Hands-on WAF experience in production: writing and tuning rules, managing false positives, responding when something gets through.
• AI/ML security exposure: prompt injection, data poisoning, model abuse, and the controls that mitigate them.
• Secrets management platforms (AWS Secrets Manager, Keeper, Infisical).
• Identity security across human and non-human identities.
• PCI-regulated or financial services environment.
• Familiarity with Ruby on Rails, Python, or Go.

The ideal candidate measures success by reduced risk, not tickets closed, and reaches for secure design and simplicity before another control. They think like an attacker but bring a developer mindset to their partnership with engineering, connecting the dots across cloud, identity, and pipeline rather than treating each as a separate domain. Engineers trust their technical judgment, and when something is blocked, they come with a proposed path forward.