This description is a summary of our understanding of the job description. Click on 'Apply' button to find out more.

Role Description

We are seeking a forward-thinking Security Engineer to join our team, focusing on SecOps for the cloud architecture supporting the product. In this role, you will operate across a complex, multi-cloud environment (AWS & GCP) comprising both traditional VMs and modern managed and unmanaged container-based architectures.

Your primary focus will be on the aggressive automation of security processes, responsible for:

• Deploying, integrating, and monitoring Jenkins and GitLab pipelines to ensure that "Security as Code" scales seamlessly alongside our infrastructure.
• Strategic deployment and management of CSPM, CNAPP, and CWPP tools to act as a force multiplier for the team.
• Conducting rigorous infrastructure reviews to ensure that cloud configurations, IAM policies, and orchestration layers meet our security baselines while maintaining rapid release velocity.

Qualifications

• Deep architectural understanding of GCP and AWS, with the ability to manage complex IAM policies, standardizing identity, and securing networking layers across both providers.
• Proficiency in Python, Go, or Bash to write custom scripts that eliminate toil, build auto-remediation playbooks, and streamline security operations.
• Experience developing secure Terraform modules and primitives for the organization to stem from, ensuring security defaults are baked into the architecture and catching misconfigurations before deployment.
• Design and maintain shared CI/CD security components (SAST/SBOM/Container Scanning) that are easily adoptable by engineering teams with minimal friction.
• Proven experience securing managed (EKS, GKE) and unmanaged container workloads, with a strong emphasis on automating runtime defenses and admission controllers.
• The ability to operate pragmatically within a lean team, knowing how to prioritize risk based on runtime context and business impact rather than just chasing scanner outputs.
• Proven ability to implement and manage Just-In-Time access policies to replace manual ticket and eliminating standing privileges.
• Due to the role’s involvement in federal compliance activities, the candidate is required to be a US citizen.

Requirements

• Deploy and manage Cloud Security Posture Management (CSPM) tools to automatically detect and remediate misconfigurations across both providers.
• Implement Cloud Native Application Protection Platform (CNAPP) strategies by shifting left and integrating container image scanning directly into Jenkins and GitLab pipelines.
• Deploy and tune Cloud Workload Protection Platform (CWPP) tools to monitor runtime behavior and detect anomalies in both VMs and Kubernetes pods.
• Build Automated Response Playbooks to automatically enrich alerts, isolate compromised resources, and dismiss low-fidelity noise without human intervention.
• Manage effective permissions across complex multi-cloud IAM structures and standardize secret management workflows.
• Collaborate closely with Technical Program Managers (TPMs) during software releases to enforce compliance standards and oversee vulnerability scanning.
• Respond to customer inquiries regarding the impact of Common Vulnerabilities and Exposures (CVEs) on our product.

Benefits

• Base Salary range for this role is $105,000 - $185,000.
• All employees may be eligible to become Menlo Security shareholders through eligibility for stock-based compensation grants.