Security Engineer

What you will do

• Application Security (Primary)
• Champion application security program strategy and implementation, including but not limited to various controls towards a “shift-left” security model, Security Champions program, adoption and implementation of SAST, DAST, other application security tools.
• Assist in maturation of the Secure SDLC, including threat modeling, security architecture and requirements guidance, as well as secure code development training.
• Work directly with developers to triage findings, provide remediation guidance, and foster a security-first culture.
• Manual testing support for light red teaming such as POC’ing vulnerabilities, leading penetration tests via vendor engagements and/or internally led testing, and validating security findings.
• Cloud & Infrastructure Security (Secondary)
• Partner with Engineering, DevOps, to secure GCP, AWS environments
• Leverage Cloud Security tools such as CNAAP, to remediate discovered misconfigurations, vulnerabilities, and triage of Cloud Security alerts.
• Develop and implement secure infrastructure baselines, vulnerability management processes, secrets managements, IAM, and hardening standards within the cloud environment.
• Incorporation of shift-left security tests and controls, into CI/CD pipelines
• Help expand monitoring capabilities within tools such as SIEM, CNAAP, including implementation of required cloud architecture/logging, onboarding of log sources to security tools, and detection rules for cloud-based threats
• Zero Trust & Network Security (Support)
• Strengthen Zero Trust posture by expanding usage of Cloudflare WARP, WAF, other Zero Trust tooling and principles
• Collaborate with the IT team to enhance endpoint security policies within EDR tools such as SentinelOne, Crowdstrike, as well as secure hardening standards into MDM
• Support design and implementation of IAM best practices/principles for workforce and client identity, leveraging tools such as; Google IDP, Okta, Auth0, Zitadel
• Security Operations & Incident Response (Support)
• Review, design, and implementation of new Security Tools – support administration across tools such as SIEM, EDR, CNAAP, Email Security, and others.
• Support security and risk assessments for new tools, vendors, and relationships with broader Security and IT team.
• Assist in development of new threat detections, playbooks, and automated response/remediation
• Support triage and response of security alerts, as an escalation point from the broader team.
• Participate in supporting security on-call rotation

What You Need to be Successful

• 3-5 years of hands-on experience in a security engineering role, preferably within a cloud-native, startup environment
• Experience building or contributing to a Secure SDLC program, leveraging application security tools, supporting security architecture reviews
• Demonstrated experience securing public cloud environments, with a strong preference for Google Cloud Platform (GCP).
• Experience building or contributing to a Secure SDLC program.
• Hands-on experience with modern security tooling, including
• SAST/SCA: Snyk, Checkmarx, Veracode, or similar.
• CNAPP: Wiz, Prisma Cloud, or similar.
• EDR: SentinelOne, CrowdStrike, or similar.
• SIEM: Google SecOps, Splunk, or other modern platforms.
• A solid understanding of Zero Trust, IAM principles and practical experience implementing solutions with tools like Cloudflare.
• Proficiency in at least one scripting language (e.g., Python, Bash) to automate security tasks and processes.
• Excellent problem-solving skills and the ability to work collaboratively with both technical (Engineering) and non-technical (GTM) teams.
• A proactive, “builder” mindset with a passion for improving processes, reducing risk.
Preferred Candidate will have:
• Familiarity with Infrastructure as Code (IaC) and its security implications (e.g., Terraform).
• Knowledge of compliance frameworks such as SOC 2, GDPR, NIST CSF
• Familiarity with common application development languages such as Java or JavaScript
• Understanding of system and architecture design principles, from code to cloud
• Relevant industry certifications (e.g., GCLD, GCP Cloud Security Engineer, GCSA).

About BlackCloak

Learn More about Us

Originally posted on Himalayas