Cape is the privacy-first mobile network.
Security Engineer – Product Security
Location
United States
Posted
227 days ago
Salary
0
Seniority
Senior
Job Description
Security Engineer – Product Security
Cape
• Design, implement, and manage robust security controls and policies within AWS, focusing on the confidentiality, integrity, and availability of data and services. • Perform comprehensive security assessments of our cloud environments to identify vulnerabilities, assess risks, and recommend actionable mitigation strategies. • Lead the integration of security practices into the DevOps lifecycle, promoting secure development, deployment, and operational processes. • Utilize and optimize AWS security tools (such as Amazon GuardDuty, Amazon Inspector, AWS IAM, AWS KMS, AWS WAF, and AWS Shield) and explore third-party solutions to bolster our security posture. • Assist in running and address findings from penetration tests and security audits, and ensuring prompt and effective remediation. • Stay informed about the latest security threats, vulnerabilities, and compliance mandates affecting cloud environments, provide strategic guidance on technologies and best practices. • Provide expert mentorship to junior security team members and engineers across the company, to foster an organizational culture of security awareness and continuous improvement. • Collaborate with stakeholders to integrate security requirements effectively into engineering projects and broader business initiatives.
Job Requirements
- Bachelor's degree in Computer Science, Information Security, or a related field (or equivalent experience)
- Advanced degrees or certifications (e.g., CISSP, AWS Certified Security Specialty) are advantageous.
- A minimum of 5 years of experience in information security, with at least 3 years concentrated on cloud security within AWS environments.
- Deep understanding of AWS architecture, security services, and best practices for securing cloud applications and data.
- Proficiency in using infrastructure as code (IaC) tools (like CDK, Terraform, or AWS CloudFormation) and in automating security tasks within AWS.
- Skilled in scripting languages (Python, TypeScript, Go) for the automation of security tasks and the integration of security tools.
- Familiarity with containerization and microservices, particularly in securing stacks using these technologies.
- Solid knowledge of network security, encryption technologies, and secure coding practices.
- Excellent analytical skills for identifying and mitigating complex security vulnerabilities and risks.
- Strong communication and leadership abilities, capable of working collaboratively across teams and effectively conveying technical information to non-technical stakeholders.
- Organized and able to manage multiple priorities in a dynamic, fast-paced environment.
Benefits
- 401(k) match
- 100% coverage of medical, dental, and vision premiums for you and your dependents
- 12 weeks paid parental leave (for all parents, no waiting period)
- Stipends for
- Family-forming needs
- Gender-affirming care
- Unlimited PTO
Related Guides
Related Categories
Related Job Pages
More Security Engineer Jobs
Cybersecurity Consultant
AvertiumThe security partner that companies turn to for end-to-end solutions that attack the chaos of cybersecurity with context
Responsibilities: Security strategy development: Collaborate with clients to develop and implement effective cybersecurity strategies. Define security frameworks, policies, and roadmaps aligned with clients' business objectives, risk appetite, and industry best practices. Security controls implementation: Design and implement advanced security controls and technologies based on industry standards and regulatory requirements. This may involve configuring and integrating various security tools, such as SIEM, DLP, IDS/IPS, and endpoint protection systems. Security architecture design: Provide expertise in designing secure systems, networks, and cloud environments. Develop security architectures that align with industry best practices, regulatory requirements, and clients' specific needs. Assess and recommend security controls for new technology implementations. Project management: Lead and manage complex cybersecurity projects, ensuring projects are delivered on time, within budget, and meet quality standards. Client relationship management: Develop and maintain strong client relationships. Act as a trusted advisor, provide timely and effective communication, and address client concerns or escalations. Research and thought leadership: Stay updated on the latest cybersecurity trends, emerging threats, and technologies. Conduct research and contribute to thought leadership initiatives, such as whitepapers, industry presentations, and internal training sessions.
