ABOUT THE ROLE The Security Engineer II - Cloud & Vulnerability Management is a key contributor to Nasuni's Information Security program, focused on protecting our hybrid and multi-cloud infrastructure through strong asset visibility, vulnerability management, and endpoint security. This role has a clear owner in the asset and vulnerability space: you will manage and operate the tools and workflows that keep our cloud, on-premises, and endpoint environments understood, assessed, and hardened. You will work within a well-supported security team that includes a dedicated SecOps function (handling the bulk of day-to-day detection and incident response) Your focus is on the engineering and operational work that keeps our infrastructure posture healthy and measurable, with meaningful incident response responsibilities when your expertise is relevant. Participation in an on-call rotation is required. Level and Scope This role is responsible for executing and continuously improving vulnerability management, asset visibility, and cloud security processes. The Security Engineer II works independently within defined areas of ownership while partnering with senior security team members on broader security strategy and program evolution. WHAT YOU WILL DO Asset & Vulnerability Management - Own day-to-day execution of Nasuni's vulnerability management processes and tooling across cloud infrastructure (Wiz), on-premises and network assets (Rapid7), while contributing to ongoing program improvements. - Support the maintenance of a current, accurate asset inventory across cloud workloads, physical infrastructure, network devices, and employee endpoints. - Manage the full vulnerability lifecycle, including identification, triage, prioritization, remediation coordination, and validation. - Partner with Engineering, SRE, and IT/Infrastructure teams to drive remediation activities. - Produce clear, actionable vulnerability reporting for Engineering and IT/Infrastructure stakeholders and security leadership. - Track remediation SLAs, identify patterns in recurring weaknesses, and recommend systemic improvements to reduce exposure. - Contribute to patch management coordination efforts and support secure configuration baseline reviews across key asset classes. - Maintain visibility and inventory accuracy across cloud, endpoint, network, and infrastructure assets in partnership with IT/Infrastructure teams. Cloud and Infrastructure Security - Monitor cloud security posture via Wiz across AWS, Azure, and GCP environments — identifying misconfigurations, high-risk exposures, and policy violations. - Support secure configuration of cloud workloads, network controls, IAM, and infrastructure components in collaboration with engineering and SRE teams. - Identify and escalate configuration drift, excessive permissions, and security gaps in cloud infrastructure. - Provide security input on infrastructure changes and support security reviews as needed. Incident Response - Support security incidents where infrastructure, asset, or vulnerability context is needed. - Independently manage and investigate moderate-severity security incidents within your domain; conduct root cause analysis and contribute to post-incident reviews. - Maintain and improve documentation and runbooks for asset, vulnerability, and endpoint-related incident response procedures. - Support additional incident response efforts as needed. Compliance and Documentation - Support internal and external evidence collection and control documentation for within your areas of ownership. - Maintain accurate records of scanning activity, remediation outcomes, and asset coverage for audit readiness. - Contribute to security awareness initiatives and help communicate security expectations around patch and configuration hygiene to engineering teams. Growth and Collaboration - Share knowledge and support team development through collaboration and peer guidance. - Identify operational gaps and recommend practical improvements to strengthen security posture and program effectiveness. - Leverage AI-assisted tools to improve security analysis, vulnerability triage, reporting, and operational workflows while validating outputs and maintaining accountability for decisions. Expected Impact - Improve visibility across cloud and infrastructure assets. - Support timely vulnerability remediation against established SLAs. - Improve vulnerability reporting quality and stakeholder actionability. - Reduce recurring findings through operational improvements and stronger configuration hygiene. WHAT YOU WILL BRING Experience - 3–6 years of experience in security engineering, cloud security, vulnerability management, or a closely related role. - Hands-on experience managing vulnerability scanning or asset management programs in a cloud or hybrid environment. - Experience coordinating remediation efforts across Engineering, Infrastructure and/or IT teams. - Experience prioritizing vulnerabilities using risk-based methodologies and business context. - Experience using AI-enabled tools to improve operational efficiency, analysis, investigation, or reporting while applying appropriate validation and security controls. Skills - Experience with cloud security platforms, ideally including Wiz or a comparable CSPM tool; familiarity with AWS, Azure, or GCP security fundamentals. - Hands-on experience with vulnerability management tools such as Rapid7 InsightVM, Qualys, Tenable, or equivalent. - Working knowledge of network protocols, network security fundamentals, and infrastructure security concepts (TCP/IP, firewall logic, segmentation). - Familiarity with secure configuration standards such as CIS Benchmarks and common vulnerability frameworks (CVSS, CVE). - Strong written and verbal communication skills. Able to translate vulnerability findings into clear, prioritized guidance for cross-functional partners. - Ownership mindset: you follow through on commitments, track your own work, and raise blockers early. - Collaborative and reliable partner across engineering, IT/infrastructure, and security teams. Education and Certifications - Bachelor's degree in Information Security, Computer Science, or a related field; or equivalent practical experience. - Certifications preferred: CompTIA Security+, AWS Security Specialty, CySA+, or equivalent. Why work at Nasuni? As part of our commitment to your well-being, we are pleased to offer comprehensive benefits packages to employees across the US. Benefits packages generally include: - Best in class employee onboarding and training - "Take What You Need” paid time off policy - Comprehensive health, dental and vision plans - Company-paid life and disability insurance - 401(k) and Roth IRA retirement plan - Generous employee referral bonuses - Flexible remote work policy - 10 Paid Holidays - Wide array of wellbeing offerings - Pre-tax savings accounts with company contributions - Great team culture and social activities - Collaborative workspaces - Free on-site fitness centers and stocked kitchens in select office locations - Professional development resources Compensation Transparency: In accordance with U.S. pay transparency laws, Nasuni is committed to providing visibility into compensation for all U.S.-based roles. Click HERE to view our compensation ranges by job grade. Actual compensation will be based on a variety of factors, including a candidate’s experience, skills, education, and work location. To all recruitment agencies: Nasuni does not accept agency resumes. Please do not forward resumes to our job boards, Nasuni employees or any other company location. Nasuni is not responsible for any fees related to unsolicited resumes. Nasuni is an equal opportunity employer. The equal employment opportunity policy at Nasuni protects employees and job applicants from discrimination on the bases of race, religion, color, sex (including pregnancy, gender identity, and sexual orientation), parental status, national origin, age, disability, family medical history or genetic information, political affiliation, military service, or other non-merit based factors. These protections extend to all management practices and decisions, including recruitment and hiring practices, appraisal systems, promotions, and training and career development programs. This privacy notice relates to information collected (whether online or offline) by Nasuni Corporation and our corporate affiliates (collectively, “Nasuni”) from or about you in your capacity as a Nasuni employee, independent contractor/service provider or as an applicant for an employment or contractor relationship with Nasuni. This privacy notice relates to information collected (whether online or offline) by Nasuni Corporation and our corporate affiliates (collectively, “Nasuni”) from or about you in your capacity as a Nasuni employee, independent contractor/service provider or as an applicant for an employment or contractor relationship with Nasuni.

• Lead the architecture and development of security agent capabilities that power runtime threat detection and workload protection across Datadog Security products. • Design and build reusable eBPF-based monitoring functionality for process, file, and network visibility within Linux environments. • Drive end-to-end delivery of new features, from technical strategy and design through implementation, testing, and rollout. • Establish and evolve testing methodologies that improve platform coverage, detection quality, reliability, and performance. • Partner with product, security, infrastructure, and engineering teams to deliver shared platform capabilities used across multiple Datadog products. • Provide technical leadership by influencing engineering direction, mentoring peers, and helping resolve complex cross-functional challenges.

• Lead the architecture and development of security agent capabilities that power runtime threat detection and workload protection across Datadog Security products. • Design and build reusable eBPF-based monitoring functionality for process, file, and network visibility within Linux environments. • Drive end-to-end delivery of new features, from technical strategy and design through implementation, testing, and rollout. • Establish and evolve testing methodologies that improve platform coverage, detection quality, reliability, and performance. • Partner with product, security, infrastructure, and engineering teams to deliver shared platform capabilities used across multiple Datadog products. • Provide technical leadership by influencing engineering direction, mentoring peers, and helping resolve complex cross-functional challenges.

Role Description The Web Developer Security Engineer protects mission-critical web applications, application programming interfaces (APIs), and sensitive data by embedding security across the software development lifecycle. This role combines application security engineering, secure software development, vulnerability remediation, monitoring, and compliance support. Qualifications - Minimum of three years of experience in web application security, application security engineering, or secure software development lifecycle work. - Hands-on experience in secure software development, DevSecOps automation, and vulnerability remediation. - Proven experience with .NET technologies, HTML5, CSS3, JavaScript, representational state transfer (REST) APIs, and structured query language (SQL). - Ability to leverage AI-assisted development tools and scripting languages to automate monitoring and compliance efforts. - Strong understanding of the Open Worldwide Application Security Project (OWASP) Top 10, secure coding standards, web application firewalls (WAFs), file integrity monitoring, and security testing tools. - Ability to perform risk assessments and provide remediation guidance for core systems and dependencies. - Bachelor's degree or higher in computer science, cybersecurity, information systems, engineering, or a related field. - Ability to meet federal screening and suitability requirements prior to start. - Current security certifications maintained for a minimum of five years, spanning application security (such as CSSLP, GWEB, or CASE), offensive security (such as OSWE or OSCP), and foundational security (such as Security+ or GSEC); expired or never-used certifications will not be considered. Requirements - Identify, analyze, and remediate critical vulnerabilities, logic flaws, insecure dependencies, and misconfigurations in web applications and APIs. - Drive the vulnerability lifecycle through threat modeling, security assessments, and technical validation of remediation actions. - Support secure design patterns, data protection mechanisms, and secure communication protocols across applications and supporting services. - Review and analyze web server and application logs to detect anomalies and indicators of compromise. - Implement automation scripts for threat intelligence integration and application security monitoring. - Participate in audits, risk assessments, and security authorization activities tied to federal frameworks. Company Description