Legato Security

Role Description Legato Security is seeking a Senior Cloud Security Engineer to join our Security Engineering team. This pivotal role focuses on helping our customers secure their cloud-native environments. The ideal candidate is a subject matter expert in Cloud Security Posture Management (CSPM), specifically with Wiz, and possesses a strong foundational background in Application Security (AppSec). You will be responsible for: - Identifying architectural weaknesses - Automating security guardrails - Mentoring junior engineers to foster a robust security culture As part of Legato’s managed security services (MSSP) practice, this engineer will serve as a dedicated resource for key client accounts, providing managed administration of cloud security tooling and ongoing AppSec scanning support via SAST and DAST programs. Specific Job Responsibilities - Lead the onboarding, configuration, and continuous monitoring of Wiz for client tenants, ensuring visibility across AWS, Azure, and GCP. - Conduct application security assessments for clients using tools, e.g. Checkmarx, Snyk, Burp Suite, and SonarQube, providing prioritized remediation roadmaps. - Act as a dedicated Virtual Security Engineer for key accounts, attending client architectural reviews and providing expert security guidance on cloud migrations. - Collaborate with client DevOps and engineering teams to integrate security "guardrails" into their specific CI/CD pipelines. - Lead threat modeling sessions for client applications and assist the sales engineering team in scoping complex cloud security projects. - Create high-quality technical reports and executive summaries that translate tool findings into business risk and actionable improvements. - Participate in an on-call rotation for critical security incidents and client emergencies; after-hours escalations are infrequent but require a timely and professional response when they occur. Qualifications - Bachelor’s degree in computer science, Cybersecurity, related field or equivalent industry experience - 6+ years in Information Security, with at least 3 years in a cloud security role. - Extensive hands-on experience with Wiz is required. Must be comfortable navigating and securing complex, multi-cloud architectures (IAM, VPC, Serverless). - Some experience with SAST/DAST/SCA tools (e.g., Checkmarx, Snyk, SonarQube, Burp Suite). - Exceptional written and verbal communication; ability to handle difficult technical conversations with clients professionally. - Proven ability to context-switch between different client environments, tech stacks, and security maturity levels. Preferred Qualifications - CISSP, CCSP, AWS Certified Security – Specialty, or CSSLP are highly preferred. Benefits - Start-up company in a growth phase with opportunity for advancement based on performance - Start-up culture with an office in downtown Salt Lake City, UT - Competitive medical and dental benefits for employee and family members - Other company-provided benefits such as short-term disability, basic life insurance, children’s orthodontia, with additional voluntary benefits available, and 401K match - Flexible Paid Time Off policy - Professional Development opportunities specific to role