Senior Security Engineer, Cloud Security

Описание вакансии

SpyCloud is on a mission to make the internet a safer place by disrupting the criminal underground. SpyCloud’s solutions thwart cyberattacks and protect more than 4 billion accounts worldwide. Cybersecurity is an exciting, evolving space, and being at the forefront of the fight to disrupt cybercrime makes SpyCloud a special place to work. If you’re driven to align your career with a fantastic mission, look no further!

At SpyCloud, security isn’t just about reducing risk–it’s about enabling innovation.  Our engineering-forward security team designs frictionless, scalable solutions that empower our teams to build with confidence.

As a Senior Cloud Security Engineer, you’ll help shape our security guardrails that protect SpyCloud’s cloud environments and internet-facing services. If you're excited to tackle complex security challenges, shape modern cloud defense strategies, and drive security innovation, we’d love to hear from you!

What You'll Do:

• Cloud & Platform Security Engineering

• Design, implement, and operate cloud security controls across production and internal environments (primarily AWS).
• Own cloud posture management workflows (risk-based triage, exception handling, and automated remediation).
• Build and maintain secure-by-default templates and modules (standards, defaults, account structure, secret management, segmentation).
• Embed policy-as-code and IaC security controls into CI/CD (PR checks, drift detection) to prevent misconfigurations.
• Reduce external and cloud risk by:
• Own attack surface discovery/governance and baseline edge protections (e.g., WAF/rate limiting),
• Drive automation for triage/remediation and operational efficiency by reducing repeat misconfigurations/toil (triage, routing, dedupe, validation, reporting).
• Standardize cloud logging/telemetry and ensure it integrates cleanly into detection/IR workflows.

• Team Collaboration and Growth

• Work cross-functionally with Product, IT, DevOps, and Engineering to drive best practices and improve baseline security across the whole org.
• Create pragmatic documentation, runbooks, and enablement materials that help teams self-serve, safely.
• Support cloud/edge incident response: containment playbooks, root cause, and follow-up fixes.

• Technical Leadership

• Lead design reviews and threat models for platform/infrastructure (networking/segmentation, service-to-service access, secrets/encryption, logging/monitoring)..
• Drive continuous improvement of processes, procedures, and tools used across the security engineering organization

Requirements:

• Professional Experience

• 5+ years combined experience in software engineering, infrastructure/platform engineering, and/or security engineering (with meaningful cloud/platform depth).

• Technical Proficiency

• Strong understanding of securing distributed, cloud-native, high-availability environments.
• Hands-on AWS experience: designing and operating secure systems (networking, IAM boundaries, logging/monitoring, encryption, service architectures).
• Experience with Infrastructure-as-Code (Terraform preferred).
• Ability to build and maintain tools/automation (Python preferred; strong engineering fundamentals required), including working effectively in Git-based workflows (branching strategies, PRs/code review, CI/CD integration, and resolving merge conflicts).
• Experience in at least one of:

• External attack surface discovery/remediation, and/or
• Edge protection controls (e.g., WAF), and/or
• Cloud posture/misconfiguration reduction at scale.

• While very rare, this position may require occasional after-hours work to support incident response efforts and mission-critical security services.

Nice to Have:

• Experience with major edge/WAF platforms (e.g., AWS WAF, Cloudflare, Fastly, Akamai) and working knowledge of HTTP/TLS/DNS and CDN/edge patterns (including bot/DDoS mitigations).
• Experience with segmentation, network security controls (NGFWs such as Palo Alto), or complex cloud networking, and transit gateways.

SpyCloud is not sponsoring visas at this time.

For applicants residing in California, please click here to read SpyCloud's CCPA Notice.

For applicants residing in the UK, please click here to read SpyCloud's Employee Privacy Notice.

U.S.-Based Benefits + Perks (for Full Time Employees):

At SpyCloud, we are committed to working alongside individuals who are equally passionate about preventing cybercrime, regardless of their department or role. Guided by our core values in all business decisions, we prioritize unity in our mission and ensure all SpyCloud employees have the support and benefits they need to stay focused on our goals. In addition to our engaging workspace in South Austin, flexible and remote-friendly work options, and competitive salary package, we offer our employees a comprehensive benefits package that includes:

• 401(k) with Employer Contribution
• Health, Vision, and Dental Insurance

+ Health Savings Account (HSA) available with Employer Contribution

• Employer Paid Life, Short-term, and Long-term Disability Insurance
• Generous PTO Plan and 16 paid holidays per year

U.K.-Based Benefits + Perks (for Full Time Employees):

• Retirement Savings Plan with Employer Contribution
• Employer Provided Private Health Insurance and Healthcare Cashplan
• Employer Paid Life Insurance and Income Replacement
• Generous Holiday Plan and 14 paid holidays per year

About SpyCloud:

SpyCloud transforms recaptured darknet data to disrupt cybercrime. Its automated identity threat protection solutions leverage advanced analytics and AI to proactively prevent ransomware and account takeover, detect insider threats, safeguard employee and consumer identities, and accelerate cybercrime investigations. SpyCloud's data from breaches, malware-infected devices, and successful phishes also powers many popular dark web monitoring and identity theft protection offerings. Customers include seven of the Fortune 10, along with hundreds of global enterprises, mid-sized companies, and government agencies worldwide. Headquartered in Austin, TX, SpyCloud is home to more than 200 cybersecurity experts whose mission is to protect businesses and consumers from the stolen identity data criminals are using to target them now.

To learn more and see insights on your company’s exposed data, visit spycloud.com.

Our Mission:

Our mission is to make the internet a safer place by disrupting the criminal underground. Together with our customers and partners, we aim to end criminals’ ability to profit from stolen information.

Who We Are:

SpyCloud is a place for innovative, collaborative, and problem-solvers to thrive. Individually, we’re amazing, but together, we’re unstoppable. We celebrate diversity and various perspectives and aim to create an inclusive and supportive environment for all. We are proud to be an Equal Employment Opportunity and Affirmative Action employer of choice. All aspects of employment decisions will be based on merit, performance, and business needs. We do not discriminate on the basis of any status protected under federal, state, or local law. All qualified applicants will receive consideration for employment without regard to race, religion, color, national origin, sex (including pregnancy, childbirth, reproductive health decisions, or related medical conditions), sexual orientation, gender identity, gender expression, age, status as a protected veteran, status as an individual with a disability, genetic information, political views or activity, or other applicable legally protected characteristics. Women, minorities, individuals with disabilities, and protected veterans are encouraged to apply. SpyCloud complies with applicable state and local laws governing nondiscrimination in employment. This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation, and training.

SpyCloud expressly prohibits any form of workplace harassment. Improper interference with the ability of SpyCloud's employees to perform their job duties may result in discipline up to and including discharge. SpyCloud shares the right to work and participates in the E-Verify program in all locations.

If you need assistance or accommodation due to a disability, you may contact us.

Our Culture:

Our culture is something really special. We’re all driven to disrupt the cybercriminal economy as we keep customer accounts safe from compromise. We support a truly worthy and serious mission, but we have fun doing it together. If you are driven, inventive, and collaborative, you’ll fit right in.

SpyCloud’s Recruitment Policy:

We will never ask an applicant for sensitive or personal financial information during the recruitment process. We advise all applicants seeking employment with SpyCloud to review available information on recruitment fraud. Anyone who suspects that they have been contacted by someone falsely representing SpyCloud should email careers@spycloud.com.

Compensation Transparency Policy:

At SpyCloud, we believe in transparency and fairness in compensation. We strive to ensure that all employees are fairly compensated for their contributions, and we openly discuss our compensation philosophy and structure. We are committed to providing competitive salaries and benefits packages to attract and retain top talent, and we encourage open dialogue and feedback regarding compensation matters.

Learn more and apply: SpyCloud Careers