IN Draft

IN Draft ABOUT POSHMARK Poshmark is the leading fashion marketplace where style comes alive through discovery, self-expression, and human connection. Powered by a vibrant community of 165 million members, Poshmark brings real people and taste to shopping through a social experience shaped by shared discovery. Buying and selling fashion feels simple, joyful, and personal, while every item tells its own story. Poshmark empowers sellers to grow meaningful businesses, keeps fashion in circulation longer, and gives shoppers access to unique and trusted finds, from everyday pieces to one-of-a-kind vintage and luxury. Security Engineer II - Product Security [Cloud Security] Security team at Poshmark is responsible for securing our application platform, cloud infrastructure, and IT systems to protect Poshmark and its 60 million Community members. As an AWS and Infrastructure Security Engineer, you will collaborate with other security team members and other stakeholders to design and harden infrastructure, network and access implementing security best practices. Responsibilities: ● Develop a strong understanding of the Poshmark product and platform architecture to align infrastructure security controls with business and application needs. ● Implement and maintain secure AWS infrastructure aligned with industry best practices and CIS benchmarks. ● Manage and optimize AWS security services including IAM, GuardDuty, CloudTrail, Config, WAF, and Organizations. ● Implement and maintain cloud security guardrails using AWS Organizations, SCPs, and IAM policies. ● Leverage CSPM tools to continuously monitor cloud posture and remediate misconfigurations. ● Perform vulnerability assessments across cloud, infrastructure, endpoints, and containerized workloads, driving timely remediation. ● Conduct security reviews of Kubernetes clusters and container environments (RBAC, configuration, network policies, workload security). ● Integrate security controls into CI/CD pipelines and infrastructure-as-code workflows. ● Strengthen server and endpoint security through configuration hardening and continuous monitoring. ● Collaborate cross-functionally to embed security throughout the infrastructure and product lifecycle. ● Support incident response activities across AWS and enterprise environments. ● Automate security processes and controls using Python, Bash, or similar scripting languages. Requirements ● 3–5 years of experience in Security Engineering, with at least 2+ years focused on AWS or public cloud security. ● Hands-on experience with AWS security services such as IAM, GuardDuty, CloudTrail, Config, WAF, and Organizations. ● Experience implementing IAM controls and cloud guardrails (e.g., SCPs, policy-based restrictions). ● Exposure to Cloud Security Posture Management (CSPM) tools and cloud misconfiguration management. ● Working knowledge of Kubernetes and container security fundamentals. ● Experience performing vulnerability management in cloud environments. ● Familiarity with security frameworks such as CIS or NIST. ● Strong ownership mindset and ability to collaborate effectively across teams. ● Good written and verbal communication skills. Nice to Have ● Experience with enterprise security tools such as Okta, CrowdStrike, JAMF, or similar platforms. ● Exposure to SaaS security hardening and endpoint security best practices. ● Experience implementing security controls using Terraform or other Infrastructure-as-Code frameworks. ● Automation experience using Python or similar scripting languages. ● Exposure to advanced AWS security services such as Security Hub, Macie, Detective, Shield Advanced, Network Firewall, or DNS Firewall. ● Experience with container security tooling (e.g., image scanning, runtime protection, admission controllers). ● Familiarity with EKS security hardening and multi-account AWS environments. ● Relevant certifications such as AWS Security Specialty, CCSP, or equivalent.