Senior Cloud Security Engineer

Braze is seeking a Senior Cloud Security Engineer to join our existing Security Engineering function. Braze is a modern cloud-first SaaS company operating entirely on cloud-native infrastructure with large-scale distributed systems across AWS GCP and self-managed Kubernetes environments. We are looking for an engineer with deep cloud security expertise who can partner with DevOps Infrastructure and Product Engineering teams to strengthen our cloud posture secure our platforms and help drive the future of Cloud Security at Braze.

As a Senior Cloud Security Engineer at Braze you will work on a diverse set of initiatives including:

• Working closely with Infrastructure SRE and Product Engineering to design secure cloud architectures and develop practical scalable security controls for new and existing services
• Implementing and improving end-to-end cloud security controls across AWS GCP Kubernetes CI/CD pipelines and self-managed systems
• Leading and improving our existing vulnerability management workflow for cloud assets including scanning triage prioritization and remediation with tools like Tenable and native CSP capabilities
• Managing and optimizing security tooling such as CrowdStrike (EDR/CSPM/IR) cloud-native security services and SIEM detection rules (with the help of our existing SIEM Management function)
• Performing threat modeling for new cloud technologies and patterns adopted across engineering
• Contributing directly to incident response cloud forensics and run-time security investigations
• Securing and supporting Infrastructure-as-Code deployments with ownership over the design and hardening of IaC and CI/CD automation pipelines
• Developing automation using Python and SOAR platforms to improve detection response and remediation workflows
• Enhancing cloud logging alerting monitoring and operational visibility across AWS and GCP
• Continually assessing cloud security posture and identifying opportunities to reduce risk harden environments and adopt best-in-class cloud security practices

You are someone who can translate complex cloud attack paths IAM misconfigurations and multi-step threat scenarios into clear guidance for engineers and product teams. You bring deep hands-on experience securing large-scale cloud platforms—especially AWS - and understand how to balance strong security controls with operational realities. You stay current with cloud security trends tools standards and threat landscapes and you have a track record of improving real-world cloud security in production environments.

A good candidate will have:

• 5+ years of experience working in Cloud Security Infrastructure Security or DevSecOps in a product-focused company
• Demonstrable expert level skills in modern enterprise networking
• Expert-level knowledge of AWS security including IAM control plane security network controls logging monitoring and cloud-native security services
• Strong understanding of GCP security with Azure familiarity as a plus
• Significant experience with self-managed Kubernetes/K8’s
• Hands-on experience with CrowdStrike Tenable and native cloud CSPM/CWPP tooling
• Proven track record as an incident responder in cloud environments
• Strong understanding of run-time security CSPM concepts cloud forensics and vulnerability management workflows
• Deep operational experience with IAM RBAC and integrations with external identity providers
• Experience securing CI/CD pipelines and Infrastructure-as-Code (Terraform preferred)
• Strong Python skills for automation and SOAR workflows
• Knowledge of securing distributed systems including experience with self-managed databases such as MongoDB
• Familiarity with common security frameworks and regulations (SOC 2 ISO 27001 NIST) and understanding how they apply to cloud environments
• Ability to articulate risk clearly and provide actionable mitigation strategies to engineering teams
• Strong knowledge of patch management base image hardening and version management in containerized and VM-based environments

An excellent candidate will have:

• Hands-on experience securing large-scale high-throughput distributed systems
• Demonstrated expertise in cloud forensics including investigations across AWS or GCP
• Experience managing or operating enterprise-scale CSPM programs
• Experience contributing to SOAR pipelines or building automated remediation systems
• Prior experience in the SaaS space
• Contributions to open-source cloud or security projects
• Published research CVEs conference talks or community-led cloud security work
• Experience conducting or integrating cloud penetration testing or adversarial simulation techniques

For candidates based in the United States the pay range for this position at the start of employment is expected to be between $128842 and $232200/year with an expected On Target Earnings (OTE) between $144000 and $258000/year (including bonus or commission). Your exact offer may vary depending on multiple individualized factors including market location job-related knowledge skills and experience. In addition to cash compensation Braze offers full- and part- time employees a comprehensive Total Rewards package that includes equity grants of restricted stock (RSUs) so that all Braze employees own a piece of our company.

#LI-Hybrid

What We Do

At Braze we believe in the passion of our people. We seek to ignite that passion by setting high standards championing teamwork and creating work-life harmony. We thrive when people add their unique perspectives to our ever-growing teams—and we strive to empower you to make an impact that fuels both you and our business.

Why Work With Us

At Braze we believe in the passion of our people. We seek to ignite that passion by setting high standards championing teamwork and creating work-life harmony. We thrive when people add their unique perspectives to our ever-growing teams—and we strive to empower you to make an impact that fuels both you and our business.

Gallery