Senior Cloud Security Engineer

At Braze, we have found our people. We're a genuinely approachable, exceptionally kind, and intensely passionate crew.

We seek to ignite that passion by setting high standards, championing teamwork, and creating work-life harmony as we collectively navigate rapid growth on a global scale while striving for greater equity and opportunity - inside and outside our organization.

To flourish here, you must be prepared to set a high bar for yourself and those around you. There is always a way to contribute: Acting with autonomy, having accountability and being open to new perspectives are essential to our continued success.

Our deep curiosity to learn and our eagerness to share diverse passions with others gives us balance and injects a one-of-a-kind vibrancy into our culture.

If you are driven to solve exhilarating challenges and have a bias toward action in the face of change, you will be empowered to make a real impact here, with a sharp and passionate team at your back. If Braze sounds like a place where you can thrive, we can't wait to meet you.

WHAT YOU'LL DO

Braze is seeking a Senior Cloud Security Engineer to join our existing Security Engineering function. Braze is a modern, cloud-first SaaS company operating entirely on cloud-native infrastructure with large-scale, distributed systems across AWS, GCP, and self-managed Kubernetes environments. We are looking for an engineer with deep cloud security expertise who can partner with DevOps, Infrastructure, and Product Engineering teams to strengthen our cloud posture, secure our platforms, and help drive the future of Cloud Security at Braze.

As a Senior Cloud Security Engineer at Braze, you will work on a diverse set of initiatives, including:

• Working closely with Infrastructure, SRE, and Product Engineering to design secure cloud architectures and develop practical, scalable security controls for new and existing services
• Implementing and improving end-to-end cloud security controls across AWS, GCP, Kubernetes, CI/CD pipelines, and self-managed systems
• Leading and improving our existing vulnerability management workflow for cloud assets, including scanning, triage, prioritization, and remediation with tools like Tenable and native CSP capabilities
• Managing and optimizing security tooling such as CrowdStrike (EDR/CSPM/IR), cloud-native security services, and SIEM detection rules (with the help of our existing SIEM Management function)
• Performing threat modeling for new cloud technologies and patterns adopted across engineering
• Contributing directly to incident response, cloud forensics, and run-time security investigations
• Securing and supporting Infrastructure-as-Code deployments, with ownership over the design and hardening of IaC and CI/CD automation pipelines
• Developing automation using Python and SOAR platforms to improve detection, response, and remediation workflows
• Enhancing cloud logging, alerting, monitoring, and operational visibility across AWS and GCP
• Continually assessing cloud security posture and identifying opportunities to reduce risk, harden environments, and adopt best-in-class cloud security practices

WHO YOU ARE

You are someone who can translate complex cloud attack paths, IAM misconfigurations, and multi-step threat scenarios into clear guidance for engineers and product teams. You bring deep hands-on experience securing large-scale cloud platforms-especially AWS - and understand how to balance strong security controls with operational realities. You stay current with cloud security trends, tools, standards, and threat landscapes, and you have a track record of improving real-world cloud security in production environments.

A good candidate will have:

• 5+ years of experience working in Cloud Security, Infrastructure Security, or DevSecOps in a product-focused company
• Demonstrable, expert level skills in modern enterprise networking
• Expert-level knowledge of AWS security, including IAM, control plane security, network controls, logging, monitoring, and cloud-native security services
• Strong understanding of GCP security, with Azure familiarity as a plus
• Significant experience with self-managed Kubernetes/K8's
• Hands-on experience with CrowdStrike, Tenable, and native cloud CSPM/CWPP tooling
• Proven track record as an incident responder in cloud environments
• Strong understanding of run-time security, CSPM concepts, cloud forensics, and vulnerability management workflows
• Deep operational experience with IAM, RBAC, and integrations with external identity providers
• Experience securing CI/CD pipelines and Infrastructure-as-Code (Terraform preferred)
• Strong Python skills for automation and SOAR workflows
• Knowledge of securing distributed systems, including experience with self-managed databases such as MongoDB
• Familiarity with common security frameworks and regulations (SOC 2, ISO 27001, NIST), and understanding how they apply to cloud environments
• Ability to articulate risk clearly and provide actionable mitigation strategies to engineering teams
• Strong knowledge of patch management, base image hardening, and version management in containerized and VM-based environments

An excellent candidate will have:

• Hands-on experience securing large-scale, high-throughput distributed systems
• Demonstrated expertise in cloud forensics, including investigations across AWS or GCP
• Experience managing or operating enterprise-scale CSPM programs
• Experience contributing to SOAR pipelines or building automated remediation systems
• Prior experience in the SaaS space
• Contributions to open-source cloud or security projects
• Published research, CVEs, conference talks, or community-led cloud security work
• Experience conducting or integrating cloud penetration testing or adversarial simulation techniques

For candidates based in the United States, the pay range for this position at the start of employment is expected to be between $128,842 and $232,200/year with an expected On Target Earnings (OTE) between $144,000 and $258,000/year (including bonus or commission). Your exact offer may vary depending on multiple individualized factors, including market location, job-related knowledge, skills, and experience. In addition to cash compensation, Braze offers full- and part- time employees a comprehensive Total Rewards package that includes equity grants of restricted stock (RSUs) so that all Braze employees own a piece of our company.

#LI-Hybrid

WHAT WE OFFER

Braze benefits vary by location, and we encourage you to review our specific benefits offerings for each country here. More details on benefits plans will be provided if you receive an offer of employment.

From offering comprehensive benefits to fostering hybrid ways of working, we've got you covered so you can prioritize work-life harmony. Braze offers benefits such as:

• Competitive compensation that may include equity
• Retirement and Employee Stock Purchase Plans
• Flexible paid time off
• Comprehensive benefit plans covering medical, dental, vision, life, and disability
• Family services that include fertility benefits and equal paid parental leave
• Professional development supported by formal career pathing, learning platforms, and a yearly learning stipend
• A curated in-office employee experience, designed to foster community, team connections, and innovation
• Opportunities to give back to your community, including an annual company-wide Volunteer Week and donation matching
• Employee Resource Groups that provide supportive communities within Braze
• Collaborative, transparent, and fun culture recognized as a Great Place to Work®

ABOUT BRAZE Braze is the leading customer engagement platform that empowers brands to Be Absolutely Engaging.™ Braze helps brands deliver great customer experiences that drive value both for consumers and for their businesses. Built on a foundation of composable intelligence, BrazeAI™ allows marketers to combine and activate AI agents, models, and features at every touchpoint throughout the Braze Customer Engagement Platform for smarter, faster, and more meaningful customer engagement. From cross-channel messaging and journey orchestration to Al-powered decisioning and optimization, Braze enables companies to turn action into interaction through autonomous, 1:1 personalized experiences.

The company has repeatedly been recognized as a Leader in marketing technology by industry analysts, and was voted a G2 "Best of Marketing and Digital Advertising Software Product" in 2025.

Braze was also named a 2025 Best Companies To Work For by U.S. News & World Report, a 2025 America's Greatest Companies by Newsweek, and a 2025 Fortune Best Workplace in Technology™ by Great Place To Work®, among other accolades. Braze is also proudly certified as a Great Place to Work® in the U.S., the UK, Australia, and Singapore.

The company is headquartered in New York with offices in Austin, Berlin, Bucharest, Chicago, Dubai, Jakarta, London, Paris, San Francisco, São Paulo, Singapore, Seoul, Sydney and Tokyo.
BRAZE IS AN EQUAL OPPORTUNITY EMPLOYER
At Braze, we strive to create equitable growth and opportunities inside and outside the organization.

Building meaningful connections is at the heart of everything we do, and that includes our recruiting practices. We're committed to offering all candidates a fair, accessible, and inclusive experience - regardless of age, color, disability, gender identity, marital status, maternity, national origin, pregnancy, race, religion, sex, sexual orientation, or status as a protected veteran. When applying and interviewing with Braze, we want you to feel comfortable showcasing what makes you you.

We know that sometimes different circumstances can lead talented people to hesitate to apply for a role unless they meet 100% of the criteria. If this sounds familiar, we encourage you to apply, as we'd love to meet you.
Please see our Candidate Privacy Policy for more information on how Braze processes your personal information during the recruitment process and, if applicable based on your location, how you can exercise any privacy rights.