Senior Cloud Security Engineer
Remote (within United States)
Full Time Senior-level / Expert USD 168K - 200K
Curology
Powerful, personalized skincare formulas prescribed by real dermatology providers. Start the skin quiz to try it for 30 days.
In this role, you will:
- Be responsible for the development, implementation, and management of the company’s cloud security framework. Leveraging a deep understanding of cloud architecture, security protocols, and compliance standards, this role ensures the integrity, confidentiality, and availability of data across our platform. Here are some examples of what you can look forward to working on:
- Cloud security: Implement some of AWS's native security services such as GuardDuty, Inspector, and Macie, and take action on the findings/recommendations from those services. This includes mostly infrastructure-hardening work, such as closing ports, patching machines/containers, adding encryption, etc.
- Security monitoring: Actively monitor our security posture. Establish a security monitoring and alerting process that surfaces potential threats to relevant members of the team.
- Security Advocacy: Collaborate with cross-functional teams to advocate for security best practices, and ensure secure software development life cycle integration.
- Dependency vulnerability management: Conduct regular security assessments, penetration tests, and vulnerability scanning. Provide actionable feedback and ensure mitigation of identified vulnerabilities.
- Automation & Integration: Utilize DevSecOps tools and principles to automate security tasks and integrate security checks into CI/CD pipelines.
- Application security: Evaluate our application security against the OWASP Top 10 to look for particular vulnerabilities or areas of focus. As we identify them, work with engineering teams to remedy issues. Integrate tooling such as Snyk or GitHub Advanced Security to do static analysis of our codebase and alert developers when potential changes would introduce security vulnerabilities.
- Disaster Recovery + Incident Response Gamedays: Regular testing of our disaster recovery plan. This involves getting a group of responders together to run through a gameday exercise annually.
- Regular penetration testing: Establish a process for doing internal penetration testing regularly, at least quarterly. Have an external firm conduct a penetration test at least once per year.
- Security Incident Response: Lead security incident detection, investigation, and resolution. Collaborate with SREs for post-mortem and lessons learned.
- Compliance: Work closely with our legal team and Security and Privacy Working Group to ensure cloud environments are compliant with relevant industry standards and regulations.
- Security Tooling: Recommend, implement, and manage security tools to help in threat detection, vulnerability assessment, and continuous monitoring.
- Documentation: Create and maintain robust documentation related to security policies, procedures, and best practices.
You will be successful if you have:
- 4 years of experience with any combination of the following: security engineering, system and network security, authentication, and security protocols, or application security.
- Experience with network segmentation, network access controls, network monitoring, etc.
- Collaborated with engineers and stakeholders to implement secure solutions for infrastructure, applications, and services, including coordinating audits and remediations for compliance regulations
- Cloud security experience, including Containerization/Docker/Kubernetes
- Ability to design and develop solutions to address security needs when third-party offers aren't sufficient
- Strong passion for Continuous Improvement and sharing knowledge through mentorship and acting like an owner
Why this role:
- You Make a Difference. We don't expect you to just come in and only pick tickets out of a queue. You will be able to actively contribute to laying out team goals, projects, and roadmap
- Work with Amazing People. You will work with others that value collaboration and seek to help each other grow and succeed. Team-up with workmates that have the same passions as you and have fun while doing it
- We Value Development. No matter what level you're at, there's always room for growth personally and within the company. We provide the means for you to accomplish both with mentoring and education/conference stipends
- Join us at an exciting time. We've tripled our business in the last year and we aren't planning on slowing down any time soon
You will love working at Curology because:
- Competitive salary and equity packages
- Comprehensive benefits: medical, dental, and vision insurance for employees; flexible spending account; 401k; mental health & wellness programs
- $75 WFH stipend (remote employees)
- Home office setup stipend (remote employees)
- Minimum Time Off policy (unlimited PTO, with at least 3 weeks off) for exempt employees
- 11 company observed holidays
- Additional holidays: Curology days off (1 per quarter), 1 annual floating holiday (employee’s choice), and Gratitude Week (employees take the full week of Thanksgiving off; business critical teams observe different days)
- Paid parental leave
- Pre-tax commuter benefits
- Employee donation matching program
- Company-sponsored events
- Free subscription to Curology or Agency
- The base salary for this position will be between $168,000 and $200,000 depending on your experience, skillset, and geographic location.
Tags: Application security Audits Automation AWS CCPA CI/CD Cloud Compliance DevSecOps Docker Encryption GitHub Incident response Kubernetes Monitoring Network security OWASP Pentesting Privacy SDLC Security assessment Threat detection Vulnerabilities Vulnerability management
Perks/benefits: 401(k) matching Career development Competitive pay Equity Flex hours Flexible spending account Flex vacation Health care Home office stipend Medical leave Parental leave Startup environment Team events Unlimited paid time off Wellness