Staff Cloud Security Engineer

Temporal Technologies

Staff Cloud Security Engineer at Temporal securing cloud infrastructure across multiple platforms. Collaborating with engineering teams to build security into reliable software architectures.

Posted 6/1/2026full-timeRemote • 🇺🇸 United StatesLead💰 $225,000 - $275,000 per yearWebsite

Tech Stack

Tools & technologies

AWSAzureCloudCyber SecurityDistributed SystemsGoGoogle Cloud PlatformGRPCKubernetesPythonVault

About the role

Key responsibilities & impact

Collaborate with product and engineering teams to integrate security principles into the design and architecture of cloud infrastructure across multiple clouds (AWS, GCP, Azure, and others).
Secure Temporal's core platform components, including the workflow engine, task queue architecture, and worker execution model - identifying attack surfaces unique to durable, stateful distributed systems.
Conduct threat modeling and risk assessments to identify vulnerabilities and potential attack vectors across our multi-cloud environment, with particular focus on workflow execution, task queue integrity, and client-server trust boundaries.
Secure Temporal's gRPC-based communication layer, including mTLS certificate management, service mesh configuration, and API authentication.
Manage cloud security posture using tools such as Wiz, including misconfiguration detection, compliance monitoring, and remediation across all three cloud providers.
Stay current on emerging cloud security standards and guidance (e.g. CSA Cloud Controls Matrix, CIS Benchmarks) and translate these into actionable internal policy.
Able to participate in on-call rotation.

Requirements

What you’ll need

Bachelor’s degree in Computer Science, Cybersecurity, or a related field (or equivalent experience).
5+ years in cloud security or a related role.
Proven partnership with engineering teams, bringing security expertise to infrastructure access and security posture.
Kubernetes security posture management and auditing, including workload hardening, RBAC design, and admission control.
Demonstrated experience with multi-tenant security architecture, including data plane isolation, control plane hardening, and cross-tenant data leakage prevention.
Strong opinions on the use of AI in different areas (assessments, threat models, penetration testing, etc).
A deep understanding of application architecture and design principles, ability to effectively identify vulnerabilities across multiple programming languages
Experience with secrets management at scale (e.g. HashiCorp Vault, AWS Secrets Manager) and payload encryption patterns such as codec servers for protecting sensitive workflow data.
Proficiency in Go; familiarity with Python. Go is Temporal's primary server and SDK language.
Strong command of gRPC security, mTLS, and service mesh architectures (Istio, Envoy).
Excellent communication and ability to explain complex security concepts to non-technical stakeholders.
Excellent collaboration and communication skills.

Benefits

Comp & perks

Unlimited PTO, 12 Holidays + 2 Floating Holidays
100% Premiums Coverage for Medical, Dental, and Vision
AD&D, LT & ST Disability, and Life Insurance (Standard & Supplemental Available)
Empower 401K Plan
Additional Perks for Learning & Development, Lifestyle Spending, In-Home Office Setup, Professional Memberships, WFH Meals, Internet Stipend and more!

ATS Keywords

✓ Tailor your resume

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools

cloud securityKubernetes security posture managementgRPC securitymTLSsecrets managementGoPythonthreat modelingrisk assessmentsmulti-tenant security architecture

Soft Skills

communicationcollaborationability to explain complex conceptspartnership with engineering teamsstrong opinions on AI

Certifications

Bachelor’s degree in Computer ScienceBachelor’s degree in Cybersecurity