• Design, develop, and implement cloud security architecture solutions in Microsoft Azure aligned with business objectives, technical requirements, and industry frameworks (e.g., NIST CSF, CIS Benchmarks). • Build and maintain security automation using Infrastructure as Code (IaC) tools such as Terraform, Bicep, or ARM templates to ensure consistent, repeatable, and auditable deployments. • Architect and implement cloud-native security controls including network segmentation, micro-segmentation, encryption at rest and in transit, and secrets management. • Partner with IT Infrastructure and Enterprise Architecture teams on the migration strategy for moving on-premise data centers to Microsoft Azure, ensuring environments are secure, compliant, and resilient from day one. • Evaluate and remediate security risks across hybrid and cloud-native architectures throughout the migration lifecycle. • Implement and manage Cloud Security Posture Management (CSPM) and Cloud-Native Application Protection Platform (CNAPP) tooling to maintain continuous visibility and compliance. • Collaborate with development and platform engineering teams to embed security into CI/CD pipelines, including static/dynamic code analysis (SAST/DAST), container image scanning, dependency vulnerability scanning, and automated policy enforcement. • Write production-quality code and automation scripts (Python, PowerShell, Bash, or Go) to build security tooling, automate remediation workflows, and integrate security controls across cloud services. • Champion secure software development practices across engineering teams, including threat modeling, secure code review, and security architecture assessments. • Support the adoption of policy-as-code and detection-as-code practices to enforce security standards programmatically. • Lead the design, development, and implementation of a cloud-based IAM strategy, including Zero Trust principles, least-privilege enforcement, conditional access, and identity governance. • Manage and optimize identity platforms (e.g., Microsoft Entra ID), role-based access control (RBAC), privileged access management (PAM), and authentication protocols (OAuth 2.0, SAML, OIDC). • Implement and tune cloud-native monitoring, logging, and alerting using tools such as Microsoft Sentinel or equivalent SIEM/SOAR platforms. • Develop and enforce cloud security policies, standards, and procedures, and maintain audit readiness for applicable compliance frameworks. • Stay current with emerging technologies, threat vectors, and industry trends — including AI-driven threat detection, container and serverless security, and evolving regulatory requirements. • Act as a subject matter expert, providing technical guidance and mentorship to other engineers and cross-functional team members.

Figma is growing our team of passionate creatives and builders on a mission to make design accessible to all. Figma’s platform helps teams bring ideas to life—whether you're brainstorming, creating a prototype, translating designs into code, or iterating with AI. From idea to product, Figma empowers teams to streamline workflows, move faster, and work together in real time from anywhere in the world. If you're excited to shape the future of design and collaboration, join us! As a Security Engineer you will identify and drive impactful projects to improve the security of Figma’s product, platform, and IT systems. We are hiring for multiple teams within Security Engineering: AI Security, Platform Security, Product Security, and Anti-Abuse. You will partner closely with teams across the company and focus on systemic security improvements and risk reduction. You will also participate in operational security responsibilities like security reviews, consulting, vulnerability triage, and security incident response. Examples of what you may work on across teams: AI Security - Perform technical security assessments, code audits, and design reviews for new AI infrastructure, platforms, and products. - Design and develop technical solutions to secure AI models, tooling, debugging workflows, and data pipelines. - Advocate for secure practices across Figma’s AI infrastructure, platforms, and data systems. - Build the next generation of internal AI-powered access insights and security tooling. - Help run penetration testing and offensive security exercises against Figma’s AI infrastructure, platforms, and products. Platform Security - Perform technical security assessments, code audits, and design reviews for changes to Figma’s cloud and corporate infrastructure. - Design and develop solutions to prevent or mitigate cloud and corporate security risks. - Advocate for secure practices within Figma’s cloud and corporate infrastructure. - Build platforms and tooling to detect and respond to infrastructure and corporate security threats. Product Security - Perform technical security assessments, code audits, and design reviews for new product features. - Design and develop solutions to prevent or mitigate product security vulnerabilities. - Advocate for secure development practices across Figma’s products and services. - Help run penetration testing, offensive security exercises, and support our bug bounty program. - Help respond to product security incidents. Anti-Abuse - Design and build technical systems to prevent spam, fraud, and abuse. - Partner closely with product teams to identify and address potential abuse vectors. - Develop new signals and improve the use of existing signals to detect abusive behavior. - Help respond to spam, fraud, and abuse incidents. This is a full-time role that can be held from one of our US hubs or remotely in the United States. We’d love to hear from you if you have: - 5+ years of proven engineering experience working in either a Security Engineering or a Software Engineering role. In the case of the latter, some security experience is preferred. - Strong security judgment in threat modeling and risk prioritization and/or strong technical judgment in designing and building maintainable, scalable systems. - Proficiency in at least one general-purpose coding language. - Strong communication and interpersonal skills, with demonstrated experience collaborating across functions. While not required, it’s an added plus if you also have: - Subject matter expertise in Application Security, Cloud Security, Corporate Security, Data Access Governance, and/or IAM (Identity and Access Management). - Demonstrated ability to make hard prioritization decisions in security controls. At Figma, one of our values is Grow as you go. We believe in hiring smart, curious people who are excited to learn and develop their skills. If you’re excited about this role but your past experience doesn’t align perfectly with the points outlined in the job description, we encourage you to apply anyways. You may be just the right candidate for this or other roles. Pay Transparency Disclosure If based in Figma’s San Francisco or New York hub offices, this role has the annual base salary range stated below. Job level and actual compensation will be decided based on factors including, but not limited to, individual qualifications objectively assessed during the interview process (including skills and prior relevant experience, potential impact, and scope of role), market demands, and specific work location. The listed range is a guideline, and the range for this role may be modified. For roles that are available to be filled remotely, the pay range is localized according to employee work location by a factor of between 80% and 100% of range. Please discuss your specific work location with your recruiter for more information. Figma offers equity to employees, as well a competitive package of additional benefits, including health, dental & vision, retirement with company contribution, parental leave & reproductive or family planning support, mental health & wellness benefits, generous PTO, company recharge days, a learning & development stipend, a work from home stipend, and cell phone reimbursement. Figma also offers sales incentive pay for most sales roles and an annual bonus plan for eligible non-sales roles. Figma’s compensation and benefits are subject to change and may be modified in the future. Annual Base Salary Range: $149,000—$350,000 USD At Figma we celebrate and support our differences. We know employing a team rich in diverse thoughts, experiences, and opinions allows our employees, our product and our community to flourish. Figma is an equal opportunity workplace - we are dedicated to equal employment opportunities regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity/expression, veteran status, or any other characteristic protected by law. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. We will work to ensure individuals with disabilities are provided reasonable accommodation to apply for a role, participate in the interview process, perform essential job functions, and receive other benefits and privileges of employment. If you require accommodation, please reach out to accommodations-ext@figma.com. These modifications enable an individual with a disability to have an equal opportunity not only to get a job, but successfully perform their job tasks to the same extent as people without disabilities. Examples of accommodations include but are not limited to: - Holding interviews in an accessible location - Enabling closed captioning on video conferencing - Ensuring all written communication be compatible with screen readers - Changing the mode or format of interviews To ensure the integrity of our hiring process and facilitate a more personal connection, we require all candidates keep their cameras on during video interviews. Additionally, if hired you will be required to attend in person onboarding. By applying for this job, the candidate acknowledges and agrees that any personal data contained in their application or supporting materials will be processed in accordance with Figma's Candidate Privacy Notice.

Role Description We are currently seeking a Cloud Security Integration Engineer to join our organization in the United States. The Cloud Security Integration Engineer owns security integration activities for acquired companies, third-party platforms, and internal consolidations, ensuring new environments are onboarded to centralized EDR, CSPM, SIEM, and identity tooling against organizational baselines. Between integrations, the role manages cloud security posture across AWS, Azure, and GCP, supports incident response, and partners with DevOps on secure architecture. This role directly accelerates acquisition integration timelines while reducing security gap exposure across the growing multi-cloud footprint. Performance Objectives - Security Integration & Onboarding - Plan and execute security integration activities for acquired companies, third-party platforms, and internal consolidations, ensuring alignment with organizational security baselines. - Onboard new environments to centralized security tooling (EDR, CSPM/CNAPP, SIEM, vulnerability management); validate agent deployment, policy configuration, and telemetry coverage. - Coordinate identity integration including directory synchronization, Conditional Access deployment, SSO federation, and phishing-resistant authentication enrollment (FIDO2, passkeys). - Conduct security assessments of target environments during integration planning, identifying gaps across endpoint coverage, cloud posture, identity hygiene, and network segmentation. - Track remediation of findings from integration-phase vulnerability scans and penetration tests; coordinate with engineering teams to validate fixes within defined SLAs. - Produce integration status reports for security leadership covering risk posture, remediation progress, and milestones. - Security Engineering & Operations - Maintain and improve security tooling across endpoint, cloud, identity, and application security domains; support platform upgrades, policy tuning, and coverage gap analysis. - Manage cloud security posture across AWS (primary), Azure, and GCP environments, including misconfiguration remediation and security service configuration (GuardDuty, Security Hub, Config, Defender for Cloud). - Collaborate with DevOps and infrastructure teams on secure architecture patterns, IaC security reviews, and CI/CD pipeline controls. - Support incident response activities including investigation, containment, and post-incident documentation. - Participate in security architecture reviews for new projects, vendor integrations, and infrastructure changes; provide risk-based recommendations. Qualifications - Bachelor's degree in Computer Science, Cybersecurity, Information Technology, or related field; equivalent professional experience accepted in lieu of degree. - 3-5 years of experience in cybersecurity, security engineering, or a closely related technical security role. - 3+ years hands-on experience with at least two of the following: EDR platforms, CSPM/CNAPP tooling, identity and access management (Entra ID or equivalent), cloud security services (AWS or Azure). - Demonstrated experience participating in system integration, platform migration, or M&A integration activities in a security capacity. - Working knowledge of at least one compliance framework (SOC 2, ISO 27001, NIST CSF, PCI-DSS) and its application during integration or audit activities. Requirements - Desired Certifications (one or more): AWS Certified Security – Specialty, AZ-500. - Ideal Certifications: SC-300, SC-100, SAA-C03, CCSP, CISSP, CCSK, CKS. Physical Demands - Ability to sit for long periods, work on a computer with repetitive motions and utilize devices typically found in an office environment. - Ability to communicate effectively with another person. - Regular and predictable attendance is required. - Ability to work in an office environment as required. - Travel requirements: as required for company needs. Benefits - Medical - Dental - Vision - Income Protection (disability, life/AD&D, critical illness, accident) - Employee Assistance Program (EAP) - Healthcare Spending Account (HSA), Commuter - Lifestyle & Wellbeing Program - Pet Insurance

About us Pomelo Care is the national leader in evidence-based healthcare for women and children. We deliver personalized, high-quality clinical interventions from reproductive care and pregnancy, infant care and pediatrics, to hormonal health through perimenopause and menopause, with long-term preventive care and condition management. Our model delivers 24/7 multispecialty care to address the medical, behavioral, and social factors that most significantly impact outcomes for women and children. We partner with payers, employers, and providers to expand access to quality healthcare across the system. What you'll do As our first Product Security Engineer, you will sit at the intersection of Security and Software Engineering. Reporting directly to the CISO, you will be a "Security Builder": embedded within our engineering teams with the autonomy needed to build the automation, tools, and workflows that make security a seamless part of the software development lifecycle. You aren't just finding bugs; you are building the systems that prevent and fix them at scale. Your work will be centered on three core strategic pillars: - Secure architecture and auth: you will design and implement auth enhancements such as magic link improvements and access/audit log features to monitor access and improve transparency. - Privacy engineering: you will lead the privacy engineering initiatives including DSAR integration, building automated data deletion capabilities directly into the Pomelo mobile app and our internal platform to ensure seamless compliance. You will also help improve privacy-preserving data de-identification and anonymization as needed. - Full-cycle remediation: you will own the end-to-end pentest-to-fix lifecycle. This means you don't just triage reports; you write the code to fix penetration test findings, remediate SAST issues, and build greenkeeping systems for high-volume dependency patching with regression testing. Beyond these pillars, you will serve as a high-leverage engineering partner to the broader InfoSec team by: - Building secure-by-default libraries: reducing the load on core Software Engineering by creating internal libraries and patterns that make security the default path. - Threat modeling: partnering with engineering leads to conduct threat modeling and ensure secure design at the earliest stages of the development process. - Scaling through collaboration: as a security resource embedded in our engineering teams, you will help engineering squads navigate complex security use cases, translating GRC requirements into elegant code rather than manual checklists. Who you are You’re an enthusiastic and collaborative engineer who enjoys solving meaningful problems through code. You view security as a product challenge, and you believe the best way to secure a system is to make the "secure way" the "easy way." In particular, you: - Are a builder first: Have 5+ years of software engineering experience with a strong foundation in computer science and a track record of shipping production-grade code (Python, Go, Kotlin or similar). - Have a security mindset: You understand the OWASP Top 10, identity flows and prompt injections, but you’d rather build a system that eliminates a class of vulnerability than manually triage individual alerts. You believe security expertise should be embedded into the development process, not bolted on at the end. - Are an automation enthusiast: you enjoy tackling complex problems with practical automation and are keeping up with trends in LLM agents to multiply your engineering impact. - Navigate ambiguity: as a floating resource across various engineering teams, you are comfortable context-switching and can quickly build rapport with different engineering teams to understand their needs. We’ll be super excited if you - Have experience with Google Cloud Platform (GCP), Github Advanced Security (GHAS), Stytch, Sentry, Fullstory, Statsig or similar technology stack. - Have prior experience in healthcare data, including understanding of HIPAA, SOC 2 Type 2 and HITRUST compliance requirements. - Have experience building data infrastructure that supports AI/ML workloads,internal developer platforms and privacy preserving data de-identification and anonymization techniques. - Have previously worked in a fast-paced, product-oriented startup environment. Why you should join our team By joining Pomelo, you will get in on the ground floor of a fast-moving, well-funded, and mission-driven startup that always puts the patient first. You will learn, grow and be challenged -- and have fun with your team while doing it. We strive to create an environment where employees from all backgrounds are respected. We also offer: - Competitive healthcare benefits - Generous equity compensation - Unlimited vacation - Membership in the First Round Network (a curated and confidential community with events, guides, thousands of Q&A questions, and opportunities for 1-1 mentorship) At Pomelo, we are committed to hiring the best team to improve outcomes for all mothers and babies, regardless of their background. We need diverse perspectives to reflect the diversity of problems we face and the population we serve. We look to hire people from a variety of backgrounds, including but not limited to race, age, sexual orientation, gender identity and expression, national origin, religion, disability, and veteran status. Our salary ranges are based on paying competitively for our company’s size and industry, and are one part of the total compensation package that also includes equity, benefits, and other opportunities at Pomelo Care. In accordance with New York City, Colorado, California, and other applicable laws, Pomelo Care is required to provide a reasonable estimate of the compensation range for this role. Individual pay decisions are ultimately based on a number of factors, including qualifications for the role, experience level, skillset, geography, and balancing internal equity. Given that this role is open to candidates of different skill levels, determining a salary range is challenging. A reasonable estimate of the current salary range is $175,000 to $200,000. We expect most candidates to fall in the middle of the range. #LI-Remote Potential Fraud Warning Please be cautious of potential recruitment fraud. With the increase of remote work and digital hiring, phishing and job scams are on the rise with malicious actors impersonating real employees and sending fake job offers in an effort to collect personal or financial information. Pomelo Care will never ask you to pay a fee or download software as part of the interview process with our company. Pomelo Care will also never ask for your personal banking or other financial information until after you have signed an offer of employment and completed onboarding paperwork that is provided by our People Operations team. All official communication with Pomelo Care People Operations team will come from domain email addresses ending in @pomelocare.com. If you receive a message that seems suspicious, we encourage you to pause communication and contact us directly at careers@pomelocare.com to confirm its legitimacy. For your safety, we also recommend applying only through our official Careers page. If you believe you have been the victim of a scam or identity theft, please contact your local law enforcement agency or another trusted authority for guidance.