Senior Security Engineer, Cloud Security

SpyCloud is on a mission to make the internet a safer place by disrupting the criminal underground. SpyCloud’s solutions thwart cyberattacks and protect more than 4 billion accounts worldwide. Cybersecurity is an exciting, evolving space, and being at the forefront of the fight to disrupt cybercrime makes SpyCloud a special place to work. If you’re driven to align your career with a fantastic mission, look no further! At SpyCloud, security isn’t just about reducing risk–it’s about enabling innovation. Our engineering-forward security team designs frictionless, scalable solutions that empower our teams to build with confidence. As a Senior Cloud Security Engineer, you’ll help shape our security guardrails that protect SpyCloud’s cloud environments and internet-facing services. If you're excited to tackle complex security challenges, shape modern cloud defense strategies, and drive security innovation, we’d love to hear from you! What You'll Do: Cloud Platform Security Engineering Design, implement, and operate cloud security controls across production and internal environments (primarily AWS). Own cloud posture management workflows (risk-based triage, exception handling, and automated remediation). Build and maintain secure-by-default templates and modules (standards, defaults, account structure, secret management, segmentation). Embed policy-as-code and IaC security controls into CI/CD (PR checks, drift detection) to prevent misconfigurations. Reduce external and cloud risk by: Own attack surface discovery/governance and baseline edge protections (e.g., WAF/rate limiting), Drive automation for triage/remediation and operational efficiency by reducing repeat misconfigurations/toil (triage, routing, dedupe, validation, reporting). Standardize cloud logging/telemetry and ensure it integrates cleanly into detection/IR workflows. Team Collaboration and Growth Work cross-functionally with Product, IT, DevOps, and Engineering to drive best practices and improve baseline security across the whole org. Create pragmatic documentation, runbooks, and enablement materials that help teams self-serve, safely. Support cloud/edge incident response: containment playbooks, root cause, and follow-up fixes. Technical Leadership Lead design reviews and threat models for platform/infrastructure (networking/segmentation, service-to-service access, secrets/encryption, logging/monitoring).. Drive continuous improvement of processes, procedures, and tools used across the security engineering organization Requirements: Professional Experience 5+ years combined experience in software engineering, infrastructure/platform engineering, and/or security engineering (with meaningful cloud/platform depth). Technical Proficiency Strong understanding of securing distributed, cloud-native, high-availability environments. Hands-on AWS experience: designing and operating secure systems (networking, IAM boundaries, logging/monitoring, encryption, service architectures). Experience with Infrastructure-as-Code (Terraform preferred). Ability to build and maintain tools/automation (Python preferred; strong engineering fundamentals required), including working effectively in Git-based workflows (branching strategies, PRs/code review, CI/CD integration, and resolving merge conflicts). Experience in at least one of: External attack surface discovery/remediation, and/or Edge protection controls (e.g., WAF), and/or Cloud posture/misconfiguration reduction at scale. While very rare, this position may require occasional after-hours work to support incident response efforts and mission-critical security services. Nice to Have: Experience with major edge/WAF platforms (e.g., AWS WAF, Cloudflare, Fastly, Akamai) and working knowledge of HTTP/TLS/DNS and CDN/edge patterns (including bot/DDoS mitigations). Experience with segmentation, network security controls (NGFWs such as Palo Alto), or complex cloud networking, and transit gateways. SpyCloud i ... (truncated, view full listing at source)