Tech Stack
Tools & technologies
- AWS
- Cloud
- Grafana
- Kubernetes
- SDLC
- Terraform
About the role
Key responsibilities & impact
- Own and improve the security of our platform, products and engineering delivery process, with a strong focus on application security, secure SDLC, cloud security and customer-facing compliance.
- Implement controls, fixes, tooling and detections directly - we are looking for a builder who does the work, not an advisor who hands it to others and waits.
- Work closely with Engineering, DevOps, Product and QA, and manage one internal Security Engineer who owns corporate, identity and endpoint security and supports you on day-to-day compliance.
- Lead application security across the product portfolio - threat modeling, secure design reviews, code-review support, and hands-on remediation work alongside developers.
- Embed security into the SDLC and CI/CD without creating unnecessary delivery friction. Build, own and tune security tooling (SAST, DAST, dependency and container scanning, secrets detection) and implement policy-as-code and pre-merge gates in our Terraform and Terragrunt pipelines yourself.
- Identify, validate, prioritize and remediate vulnerabilities in applications, APIs, infrastructure and third-party integrations, working hands-on with engineering and advising pragmatically on risk trade-offs.
- Own the security posture across AWS and Kubernetes - IAM and network design, encryption, logging baselines, configuration drift and cloud security posture management.
- Build and tune cloud detections (CloudTrail, GuardDuty, Security Hub), write runbooks, and act as the technical security lead for product and cloud incidents, partnering with DevOps for investigation and containment.
- Drive the security review of new features, architecture decisions, integrations and platform changes, especially where customer data, authentication, authorization or data-processing risks are involved.
- Manage, mentor and develop our internal Security Engineer, including 1:1s, performance reviews, leave approvals and day-to-day delegation. Corporate IT, identity and endpoint security are owned by them, not by you, so you can focus on product and cloud security.
- Own and drive our SOC 2 and ISO 27001 programs end to end - control design, evidence automation and primary auditor liaison - and maintain policies and control documentation in Confluence.
Requirements
What you’ll need
- Hands-on builder, not an advisor: You implement security yourself - controls, fixes, tooling and detections - rather than handing work to others and waiting for it to happen. This is a doing role.
- Product and cloud security depth: Strong hands-on background in application security and secure software development in cloud-native environments (AWS, Kubernetes, CI/CD, containers, infrastructure-as-code).
- Comfortable in code: Comfortable reading code, reviewing APIs and architecture, and working directly with developers on remediation.
- Compliance driver: Proven ability to drive SOC 2 and ISO 27001 workstreams, from control design to auditor interaction, not only evidence collection.
- People leadership: Able to manage and develop one engineer, including delegation, 1:1s and performance.
- Pragmatic communicator: Balances hands-on technical work with the process discipline of enterprise B2B SaaS, and explains risk clearly to engineers, leadership, auditors and occasionally customers.
- AI-forward: Comfortable using AI and LLM tools day to day and genuinely open to adopting them further. Deep AI-security expertise is not required, but a fundamental willingness to engage with AI is expected; an unwillingness to work with AI is not a fit.
- Atlassian native: Works day to day in the Atlassian stack (Jira, Confluence) as our primary documentation and workflow systems.
- Nice to Have: Experience securing AI/LLM or agent-based features (prompt injection, tool and agent permissions, model-access controls). Hands-on familiarity with the security and observability platforms we use, such as Snyk, Rapid7 and Grafana Cloud, and with Microsoft Sentinel for cross-team investigations. Experience in cyber threat intelligence, attack surface management, threat hunting or other security-product environments. Prior experience in a PE-backed or scale-up software company where security, compliance and delivery speed all matter. Prior experience working as a software engineer or in a DevOps role. Certifications such as CISSP, CSSLP, OSCP, AWS Security Specialty, CKS, ISO 27001 Lead Implementer or similar, helpful but not required.
Benefits
Comp & perks
- Competitive compensation
- Remote-friendly culture
- Wellness programs
- Employee recognition program
- A variety of professional development opportunities
- Inclusive culture focused on people, customers and innovation
ATS Keywords
Applicant Tracking System Keywords
Tip: use these terms in your resume and cover letter to boost ATS matches.
Hard Skills & Tools
- Secure SDLC
- Threat Modeling
- Code Review
- Vulnerability Remediation
- Security Tooling Implementation
- Infrastructure-as-Code
- Policy-as-Code
- Container Security
- API Security
- Cloud Security Posture Management
Soft Skills
- People Leadership
- Pragmatic Communication
- Collaboration
Certifications
- CISSP
- CSSLP
- OSCP
- AWS Security Specialty
- CKS
- ISO 27001 Lead Implementer
