Please apply in English
About the role
As a Senior Cloud Security Engineer at Signifyd, you will work to control and improve security outcomes across the company. You will operate at the front line of risk, identifying vulnerabilities and threats, and collaborate cross-functionally across the organization to implement defenses.
As a core member of our security team, you will have the latitude to further define and mature our application security capabilities. You will work directly with the various groups within the engineering team as the voice of security, where you will guide our security architecture, secure software development, and ensure consistent and effective mediation of risks.
You will also own one or more foundational security projects, and work with project managers and engineers to successfully execute the software specifications you help develop.
Finally, you will work to increase our visibility into data, infrastructure, entitlements, and logs; you will develop and improve detections for things that matter within our SIEM and other systems, and make sure our infrastructure is always on and customer data stays secure.
You are passionate about information security and desire to solve security problems at scale. You have experience implementing security guardrails and building controls in a software development environment.
- Set up, configure, customize, and implement cloud-based security services to business specifications in a company environment.
- Own the security posture for Signifyd’s infrastructure and applications in AWS primarily and GCP.
- Use cloud-native services to ensure that security guardrails are in place for application teams to use AWS services securely.
- Define standards and develop reusable templates for the application teams to use.
- Review architecture plans as part of “Shift Left” approach. Be a ready, willing, and proactive partner with other teams to achieve secure and agile development.
- Participate and contribute to security planning sessions with Platforms cloud operations and development teams.
- Work collaboratively with application and Platforms teams to define standards for secure development pipelines.
- Develop and deploy continuous compliance monitoring capabilities.
- Serve as a key technical security partner for engineering teams.
- Coordinate with developers, cloud platform engineers, the business, and cloud service providers on security framework design requirements for cloud application services.
- Research Cyber Security trends and emerging technologies, identify our business and technical requirements, perform technical evaluation and support deployment of Cyber Security solutions.
- Required to work Tuesday through Friday during normal working hours instead of the company's Monday through Thursday work schedule.
Job Experience Requirements
- Bilingual with business proficiency in English
- BS or MS degree in Computer Science / Engineering or a related field, or equivalent experience
- 5+ years overall related software engineering experience
- 3 - 5+ years of hands-on experience building, maintaining, and securing Cloud environments in AWS and GCP
- A minimum of 2 years of experience implementing security solutions within cloud environments is required.
- Ability to work outside of business hours to support incidents and business needs.
- Experience reviewing architectural diagrams for proposed solutions and implementing the standard cloud or on-prem services based on compute, data, or security requirements.
- Experience with a diverse set of security products like Okta IAM, AWS Security tools (Cloudtrail, Guard Duty, Inspector) SIEM, key management systems (KMS), PKI.
- Experience with Infrastructure as Code (IaC) like Terraform, Ansible, Strong understanding of DevOps practices/tools including CI/CD Pipelines, IaC. Utilize continuous integration and automation tools such as GIT, Jenkins, Ansible, PowerShell, HashiCorp Terraform.
- Hands-on experience with Docker, Kubernetes, and development of modern CI/CD pipelines.
- AWS cloud security certifications and GCP.
- Experience with cloud operating environments.
- Experience with third-party vendor/supplier risk management, vulnerability management, workforce security training and phishing awareness, DR/BCP development.
- Experience with networking security in a software development environment.
- Experience with compliance frameworks like ISO27001, SOC2, and PCI.
- AI/ML environments are a plus.
We want to provide an inclusive interview experience for all, including people with disabilities. We are happy to provide reasonable accommodations to candidates in need of individualized support during the hiring process.