Design, implement, and maintain controls in AWS (IAM, KMS, VPC, GuardDuty, Security Hub, Detective, CloudTrail/CloudWatch), network, endpoint, email, data security, vulnerability, and identity domains.
Define SLOs for control availability, latency, coverage, and drift; implement telemetry to continuously measure those SLOs.
Partner with infrastructure, platform, and application teams to build IaC modules (Terraform/CloudFormation) and platform automations (e.g., Python/Lambda, Step Functions) to enforce guardrails (account vending, baseline hardening, logging enablement, key policies, SCPs) using Git.
Implement break‑glass patterns and least‑privilege workflows that are auditable and reversible.
Engineer data pathways (e.g., CloudTrail, VPC Flow, ECS audit, identity logs) into SIEM/MDR tooling; ensure completeness, timeliness, and schema quality.
Translate Detection and Response Lead feedback on false positives/gaps into logging or control adjustments.
Own scanners/integrations, asset coverage, tagging standards, and develop risk‑based remediation pipelines (ticketing, auto‑remediation for low‑risk classes).
Partner with owners to remove friction (pre‑approved windows, canaries, rollbacks).
Engineer least‑privilege patterns, permission boundaries, conditional access, and automated key/secret lifecycle (rotation, discovery, usage attestations).
Provide ready‑to‑consume roles/policies to teams.
Maintain runbooks, design docs, and reusable modules; ensure changes are versioned, peer‑reviewed, and test‑.
Participate in control‑health and platform on‑call (e.g., logging ingestion failures, drift, outages).
Escalate security events to the Detection & Response Lead/MDR.

Requirements

7+ years in security engineering with production AWS (multi‑account/Organizations) and automation‑first delivery.
Domain experience in at least three of the following:
Network security (segmentation, routing, firewall, proxy, WAF)
Endpoint security (EDR/EPP, hardening, health attestation)
Email security (phishing protection, authentication, inbound/outbound controls)
Data security (classification, DLP, encryption, key management)
Vulnerability management (scanning, prioritization, remediation pipelines)
Container security (image scanning, runtime policy, supply chain)
Identity and access management (policy design, federation, least privilege)
IaC proficiency (Terraform preferred) and Python for automation; CI/CD integration experience (e.g., GitHub Actions, GitLab, CodePipeline).
Experience with root‑cause analysis and remediation of control failures (not incident RCA).
Demonstrated ability to independently drive complex projects to completion, as well as collaborate effectively with a complex set of stakeholders.

Benefits

Employee Ownership Program - every eligible employee shares in the financial rewards that grow when the company grows
Professional development opportunities
Owner Referral Program
Work from home reimbursement for remote/hybrid roles
Canary emergency financial assistance program
Comprehensive medical, dental, vision
Life/AD&D Insurance
Confidential, Employee Assistance Program
Health Savings Account, includes company contribution
Short-term disability
Voluntary benefits - supplemental accident, critical illness, hospital insurance
Employee discounts
401(k) Plan with company match contribution
Addition Wealth Financial Wellness Program
Various Time Off Programs
11 company paid holidays

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools

AWSTerraformCloudFormationPythonIaCCI/CDEDRDLPencryptionvulnerability management

Soft Skills

collaborationproject managementcommunicationindependent driving of projectsstakeholder engagement