FREE ACCESS
5,000–10,000 jobs/day

See all jobs on JobTailor
Search thousands of fresh jobs every day.
Discover
- Fresh listings
- Fast filters
- No subscription required
Create a free account and start exploring right away.
Tech Stack
Tools & technologiesAWSCloudSDLC
About the role
Key responsibilities & impact- Plan and (help) execute penetration tests against web applications, APIs, and cloud infrastructure, and manage external pentest engagements including scoping, vendor coordination, and remediation tracking.
- Embed security across the full SDLC: leading threat modeling, security assessments, and vulnerability remediation in close collaboration with our engineering and product teams.
- Own and evolve our cloud security posture across our AWS environment, working with Wiz (CSPM, CNS, Code, AI Security) to drive risk prioritization, misconfiguration remediation, and shift-left security workflows.
- Champion security controls within our CI/CD pipelines, from IaC scanning and SAST integration to secure deployment practices, working closely with DevOps and development teams.
- Support security incident response, investigation, containment guidance, and post-incident review and help mature our detection and response workflows over time.
- Translate compliance requirements (SOC2, ISO 42001, GDPR) into concrete technical controls and act as a technical point of contact for customer security discussions, questionnaires, and enterprise onboarding.
- Conduct vendor and third-party security risk assessments to protect our supply chain and advise on emerging AI/ML security risks as these technologies become more deeply embedded in our product.
- Share knowledge and raise the craft, you’ll naturally become a technical anchor for your teammates and a collaborative voice across engineering on what good security looks like in practice.
Requirements
What you’ll need- 3–7 years of hands-on experience in application security, cloud security (AWS), or a broad security engineering role.
- Proven experience conducting penetration tests on web applications, APIs, and/or cloud environments, with a solid grip on OWASP Top 10 and common vulnerability classes.
- Solid understanding of AWS security: IAM, VPC design, cloud-native architecture and a clear intuition for what secure cloud infrastructure looks like.
- Familiarity with application security testing tools (SAST, DAST) and a practical understanding of DevSecOps: you know where to plug in and how to make it stick with developers.
- Strong communication skills, you can explain security risks clearly to both engineers and non-technical stakeholders, and you don’t default to “no” when there’s a smarter path forward.
- A growth mindset and genuine curiosity, you’re comfortable operating across domains, actively building skills you don’t yet have, and you see a broad scope as an opportunity, not a burden.
Benefits
Comp & perks- Unlimited vacation policy
- Apple gear
- Daily lunch
- Team events organized by our legendary Fun Force
ATS Keywords
✓ Tailor your resumeApplicant Tracking System Keywords
Tip: use these terms in your resume and cover letter to boost ATS matches.
Hard Skills & Tools
Penetration TestingOWASP Top 10AWS SecuritySASTDASTVulnerability RemediationThreat ModelingCompliance Requirements (SOC2, ISO 42001, GDPR)Cloud-Native ArchitectureIaC Scanning
Soft Skills
Strong Communication SkillsGrowth MindsetCuriosityCollaboration
