What You’ll DoDetect, protect, and respond (hands‑on)Own day‑to‑day security operations for cloud and Kubernetes workloads (threat detection, alert triage, incident response, forensics, and post‑incident learning).Build and tune detections and automations (SOAR/runbooks, detection‑as‑code, Sigma/queries) to reduce MTTA/MTTR and eliminate noisy alerts.Secure our delivery pipelines & runtimeHarden CI/CD and software supply chain (secrets, SBOMs, artifact signing, SLSA/Cosign), and drive “secure by default” patterns in build/deploy.Lead cloud/K8s/serverless hardening (IaC reviews, policy‑as‑code, admission controls, least privilege, network segmentation)Raise the bar across the organization (beyond prod)Partner with IT/SRE to evolve identity & access (SSO/MFA/JIT/JEA), endpoint/EDR posture, email & SaaS security, and third‑party/vendor risk.Run vuln management end‑to‑end: scanning, prioritization, remediation SLAs, and executive reporting.Contribute to security governance (policies, standards, tabletop exercises, BCP/DR inputs) and support compliance efforts (e.g., SOC 2/ISO 27001).Influence, automate, and measureBuild security tooling and integrations (preferably Python or Go) that engineers love to use.Define metrics/KPIs (coverage, drift, exposure, response times) and regularly communicate risk & progress to engineering and leadership.Mentor engineers on secure design and champion a positive, enablement‑first security culture.What You’ll Bring5+ years in Security Operations/Cloud Security/Blue Team roles, with deep, hands‑on experience in AWS (IAM/GuardDuty/CloudTrail/CloudWatch) and Kubernetes/containers.Strong incident response skills across detection, investigation, containment, and recovery especially in complex cloud‑native environments.Proficiency building security automations and tools in Python or Go; experience with SOAR and API‑driven workflows.Practical expertise with SIEM/log analytics (e.g., ELK/OpenSearch, Splunk), EDR, CSPM/CNAPP, and secrets management (e.g., Vault).Solid grasp of CI/CD security, supply‑chain risks (SAST/DAST/IAST, dependency scanning, artifact signing), and IaC (Terraform) security reviews.Networking & Linux fundamentals; proven ability to partner with DevOps/SRE/R&D and to communicate risk clearly to non‑security stakeholders.Willingness to participate in a shared on‑call rotation for security incidents.We may use artificial intelligence (AI) tools to support parts of the hiring process, such as reviewing applications, analyzing resumes, or assessing responses. These tools assist our recruitment team but do not replace human judgment. Final hiring decisions are ultimately made by humans. If you would like more information about how your data is processed, please contact us.
