Senior Cloud Security Engineer

The Opportunity

We seek a trustworthy and proactive Senior Cloud Security Engineer as the technical thought leader and driver of continual cloud security across Incode. As a key security hire at Incode you will work to ensure a continual and secure cloud security posture while building automation and infrastructure to support our security capabilities and operations across multi-cloud SaaS hybrid and private cloud solutions. In close collaboration with our security team members the compliance team the SRE team and product engineering teams we share the responsibility to identify protect detect respond and recover from cyber threats.

If you are a hands-on Cloud Security Engineer passionate about taking a risk-based proactive and automated approach to securing all cloud assets in our corporate and product at Incode we would love to chat with you. This is an exciting opportunity to shape and build a forward-leaning cloud security program and directly influence our overall security strategy.

Responsibilities

• Discover the top security challenges we face and partner with teams across the company to be hands-on in implementing your security recommendations.

• Build security controls that detect prevent and correct cloud vulnerabilities in our very complex multi-cloud hybrid and private cloud environment.

• Architect and design infrastructure to support the security team’s mission and ensure well-architected fundamentals (logging identity and access controls etc).

• Build deploy and manage production security tools and services to monitor networks endpoints and cloud workloads

• Build maintain and evolve a reliable and low-touch infrastructure using technologies such as Terraform Kubernetes and immutable images

• Facilitate the security baked into our cloud infrastructure for our applications and customer data

• Contribute changes to production security infrastructure and platforms (e.g. configure GuardDuty or AWS Config Kubernetes VPNs Secrets Manager etc)

• Help your peer engineers grow their own security reasoning and knowledge

Qualifications:

• 5+ years experience deploying and securing services on public cloud infrastructure

• Detailed understanding of cloud and network security

• Detailed understanding of Kubernetes components and cloud-native security

• Fluency in one or more programming or scripting languages

• Experience building deploying and customizing security tools to address threats and lower risk: CSPM vulnerability scanners static analyzers web application firewalls IDS/IPS endpoint security monitoring etc.

• Knowledge of networking and web protocols (TCP/IP HTTP TLS REST) and the ability to analyze traffic to find anomalies

• Depth and experience in modern cloud technology components and deployment patterns: virtual machines containers Kubernetes serverless infrastructure as code etc.

• Depth and experience with at least one common cloud service provider: AWS GCP Azure

• Understanding of security weaknesses exploits attacks and mitigations

• Outstanding written and verbal communication

• Experience with most of the following: AWS security tools (GuardDuty AWS Config CloudTrail) Terraform Kubernetes Containers Open Policy Agent Secrets Management SIEM

• Excellent collaborative skills

• Outstanding written and verbal communication

Preferred Experience and Certification:

• SaaS Startup experience in security focused industries such as fintech security software and services healthtech identity and access management.

• Familiarity in continuous integration and Infrastructure as Code

• Experience designing and optimizing high throughput ETL pipelines

• Possess a breadth of knowledge and experience across the information security domain such as endpoint security detection engineering incident response application security or automation

• Experience as a software engineer infrastructure engineer or site reliability engineer

• Experience detecting or responding to threats in Kubernetes (K8s) AWS and Linux environments

• Certifications in AWS GCP or Azure Cloud Security Application Security and/or Offensive Security (eg. AWS Security Specialty CCSP CompTIA Cloud+ Security+ OSCP GWAPT GPEN CEH CISSP etc).