• Own security strategy and execution across the Foundation’s internal onchain program operations and the broader Solana ecosystem. • Ensure Solana Foundation follows institutional security best practices and creates exportable patterns the wider ecosystem can follow. • Lead the effort to push security as a major priority in the ecosystem by publishing frameworks, guidance, and reports grounded in real data.

• Document and address organization's information security audit and compliance requirements and standards. • Develops, maintains, and communicates the organization’s information security policy and procedures • Directs and oversees the assessment, selection, implementation, and maintenance of information security tools and technologies • Evaluate new or updated industry regulations to ensure continued compliance • Enforces information security controls and investigates/responds to information security incidents • Participates in business continuity planning (BCP) activities when required by regulation or senior leadership • Prepares reports, business cases, and presentations on security risk, controls, the status of compliance efforts, etc. • Acts as liaison between IT and other functions (e.g., legal) regarding information compliance and/or audits • Assist ISL in the collaboration on SSP's • Assist ISL in the determine the protection needs (i.e., security controls) for the information system(s) and network(s) and document appropriately.

• Plan and manage well-defined projects or workstreams. • Develop and maintain detailed project schedules, milestones, and documentation. • Provide regular, audience-appropriate status updates. • Monitor budgets, hours, and resourcing against plan. • Track and report variances, risks, and issues.

Role Description At Cloudera, we empower people to transform complex data into clear and actionable insights. We are seeking a technically proficient and proactive Senior Security Engineer to manage and enhance the security of our hybrid IT environment. This role focuses on the hands-on implementation, operation, and continuous improvement of security controls across on-premises data centers and cloud platforms (AWS, Azure, GCP), with an emphasis on identifying, prioritizing, and reducing security risk. You will serve as a key technical resource, owning security initiatives from assessment through remediation and collaborating closely with IT Operations and Product teams to ensure our infrastructure remains resilient. As a Senior Security Engineer, you will: - Security Implementation & Optimization: Deploy and tune security controls across on-premises and cloud environments (IaaS, PaaS, SaaS). Ensure that security architectures designed by leadership are effectively integrated. - Vulnerability Management: Identify, assess, and track security vulnerabilities across infrastructure, cloud environments, endpoints, and applications. Perform risk-based analysis to prioritize remediation, partner with IT and Engineering teams to drive fixes, and validate remediation effectiveness. - Cloud Security Operations: Maintain and monitor security configurations across cloud providers, including managing cloud security groups, IAM roles, and monitoring containerized workloads and serverless functions. - Infrastructure Defense: Manage and troubleshoot on-premises security controls, including firewalls, endpoint protection (EDR), and virtualization security. - Identity & Access Management (IAM): Administer and enforce IAM policies, including SSO integration, MFA rollout, and the management of Privileged Access Management (PAM) tools. - Incident Response: Serve as a core technical responder during security incidents, assisting with investigation, containment, and documentation of post-incident findings. - Automation & Tooling: Maintain security tooling and develop scripts (e.g., Python, Terraform) to automate repetitive security tasks and improve operational efficiency. - Compliance Support: Assist in gathering evidence for audits and ensuring our controls meet industry standards like ISO 27001, SOC 2, or PCI DSS. Qualifications - Education: Bachelor’s degree in Computer Science, Cybersecurity, or a related field (or equivalent practical experience). - Experience: 4–6 years of experience in cybersecurity engineering or infrastructure security. - Cloud Proficiency: Hands-on experience configuring security settings within at least one major cloud provider (AWS, Azure, or GCP). - Technical Depth: Solid understanding of network protocols, firewalls, and endpoint security technologies. - Scripting: Ability to use scripting languages (e.g., Python, PowerShell) or Infrastructure as Code (Terraform, CloudFormation) to manage security configurations. - IAM Knowledge: Practical experience managing identity providers (e.g., Okta, Azure AD) and RBAC models. - Communication: Strong ability to document technical processes and communicate security risks to peers and cross-functional partners. - Certifications: Certifications like CompTIA Security+, GIAC (GSEC/GCIH), or Associate-level Cloud Security certifications (e.g., AWS Certified Security Specialty) are a plus. Requirements - This is a high-impact role where your work directly protects our users and data every day. - This role is not eligible for immigration sponsorship. Benefits - Generous PTO Policy - Support work-life balance with Unplugged Days - Flexible WFH Policy - Mental & Physical Wellness programs - Phone and Internet Reimbursement program - Access to Continued Career Development - Comprehensive Benefits and Competitive Packages - Paid Volunteer Time - Employee Resource Groups - EEO/VEVRAA