Security Engineer, AppSec and Cloud

The Security Engineer, AppSec and Cloud will be responsible for securing applications, infrastructure, and cloud environments through vulnerability management, threat modeling, and zero-trust architecture. This role requires deep expertise in application and cloud security, automation of secure SDLC practices, and the ability to partner with engineering teams to establish secure defaults and guardrails. The ideal candidate will reduce risk exposure, define clear SLAs for vulnerabilities, and embed security across the development lifecycle.

Responsibilities

• Perform security reviews across code, infrastructure, and deployments.
• Implement SAST, DAST, and dependency scanning at scale.
• Harden identity, network, data, and secrets management.
• Define and enforce zero-trust security patterns.
• Conduct threat modeling workshops for critical flows.
• Drive secure SDLC adoption with automated checks.
• Partner with engineering to ensure secure-by-default practices.

Requirements

• 5+ years in application or cloud security roles.
• Expertise in SSO, RBAC, and secrets management.
• Strong knowledge of cloud security controls (IAM, KMS, VPC, WAF).
• Hands-on experience with threat modeling and vulnerability scanning.
• Experience partnering with engineers to implement secure defaults.
• Ability to translate risk into actionable remediations.
• Strong skills in documentation and incident response.

Nice to Haves

• Familiarity with compliance frameworks (SOC 2, ISO, GDPR).
• Background in penetration testing or red teaming.
• Experience with DevSecOps tools for secure SDLC.

Awareness of AI model and data security risks.