Description

As a Cloud Application Security Engineer, you will be pivotal in ensuring our cloud environments and developed software meet stringent security standards and safeguard critical information. This hands-on role involves collaborating closely with engineering teams, establishing robust security processes, and driving a significant positive impact on our organization's overall security posture.

What You'll Do

• Partner with engineering teams to build secure CI/CD pipelines and ensure the security of applications and cloud environments.
• Develop, support, and refine security tools for engineering teams to maintain secure applications and cloud infrastructure.
• Proactively identify potential vulnerabilities, highlight areas for improvement, and support team leads in remediating security issues.
• Provide expert guidance to engineering teams on cloud and application security reviews, threat modeling, and the resolution of security vulnerabilities.
• Drive security-focused projects to ensure timely and successful completion.
• Integrate security practices into the systems development life cycle (SDLC) to ensure security is built-in from the outset.
• Contribute to the development and maintenance of security policies, standards, procedures, and guidelines.

In order to succeed in this position, you will need

Mandatory Skills:

• Advanced English: Excellent written and verbal communication skills.
• Strong Technical Foundation: Proven background in Development, DevOps, or Engineering with strong Python experience.
• Cloud Expertise: Experience with cloud technologies, with a strong preference for AWS and Azure.
• CI/CD Pipeline Experience: Hands-on experience with CI/CD pipelines (GitLab or similar).
• Infrastructure as Code (IaC): Experience with IaC tools such as Terraform (or others).
• Infrastructure Understanding: Solid understanding of underlying application infrastructure, including cloud (compute, storage), DNS, and networking.
• Code Remediation & Automation: Ability to understand and fix code, collaborate directly with engineers, and develop/script solutions for automation.
• Secure Development Practices: Comprehensive understanding of secure software development practices, including threat modeling, secure design principles, secure coding, code analysis, security testing, and Application Security automation.

Nice to Have:

• Relevant Security Certifications: GCLD, GCPN, GPCS, GCSA, GWEB, CCSP, CISSP, CISM, or OSCP (OSCP strongly preferred).

Non-technical Skills:

• Technical Communication: Proven ability to effectively communicate technical issues to both technical and non-technical audiences.
• Stakeholder Management & Influence: Excellent skills in managing stakeholders and influencing security practices.
• Vision & Strategy: Ability to collaborate across disciplines to create a clear security vision and strategy.
• Autonomy & Initiative: Self-driven with the ability to work autonomously.
• Communication: Excellent written and verbal communication skills.

Note: If you feel strongly that you have what it takes for this role but don’t check 100% of the boxes—that’s okay—we encourage you to apply anyway and highlight what you can bring to the table.