Senior Cloud Security Engineer

Senior Cloud Security Engineer.

Location: #New_York.
Salary: $128,842 - $258,000 /year.
Employer: Braze.

Responsibilities:
• Working closely with Infrastructure, SRE, and Product Engineering to design secure cloud architectures and develop practical, scalable security controls for new and existing services.
• Implementing and improving end-to-end cloud security controls across AWS, GCP, Kubernetes, CI/CD pipelines, and self-managed systems.
• Leading and improving our existing vulnerability management workflow for cloud assets, including scanning, triage, prioritization, and remediation with tools like Tenable and native CSP capabilities.
• Managing and optimizing security tooling such as CrowdStrike (EDR/CSPM/IR), cloud-native security services, and SIEM detection rules (with the help of our existing SIEM Management function).
• Performing threat modeling for new cloud technologies and patterns adopted across engineering.
• Contributing directly to incident response, cloud forensics, and run-time security investigations.
• Securing and supporting Infrastructure-as-Code deployments, with ownership over the design and hardening of IaC and CI/CD automation pipelines.
• Developing automation using Python and SOAR platforms to improve detection, response, and remediation workflows.
• Enhancing cloud logging, alerting, monitoring, and operational visibility across AWS and GCP.
• Continually assessing cloud security posture and identifying opportunities to reduce risk, harden environments, and adopt best-in-class cloud security practices.

Requirements:
• 5+ years of experience working in Cloud Security, Infrastructure Security, or DevSecOps in a product-focused company.
• Demonstrable, expert level skills in modern enterprise networking.
• Expert-level knowledge of AWS security, including IAM, control plane security, network controls, logging, monitoring, and cloud-native security services.
• Strong understanding of GCP security, with Azure familiarity as a plus.
• Significant experience with self-managed Kubernetes/K8’s.
• Hands-on experience with CrowdStrike, Tenable, and native cloud CSPM/CWPP tooling.
• Proven track record as an incident responder in cloud environments.
• Strong understanding of run-time security, CSPM concepts, cloud forensics, and vulnerability management workflows.
• Deep operational experience with IAM, RBAC, and integrations with external identity providers.
• Experience securing CI/CD pipelines and Infrastructure-as-Code (Terraform preferred).
• Strong Python skills for automation and SOAR workflows.
• Knowledge of securing distributed systems, including experience with self-managed databases such as MongoDB.
• Familiarity with common security frameworks and regulations (SOC 2, ISO 27001, NIST), and understanding how they apply to cloud environments.
• Ability to articulate risk clearly and provide actionable mitigation strategies to engineering teams.
• Strong knowledge of patch management, base image hardening, and version management in containerized and VM-based environments.

⚡ Показать контакты

#Гибрид #ИБ