Staff Cloud Security Engineer

What You’ll Do: DevSecOps and Automation Pipeline Integration: Integrate robust security controls directly into CI/CD platforms such as GitHub, GitLab, Jenkins, or Azure DevOps. Automated Scanning: Evaluate and implement pipeline‑based security infrastructure as code (IaC) scanning and manage/configure IaC scanning tools to surface true risk. Developer Feedback Loops: Build and optimize developer feedback loops and automated remediation workflows, developing scripts using Python, Bash, or PowerShell. Identity and Access Management (IAM): Build and maintain IAM security controls across cloud platforms, enforce the principle of least privilege. Non‑Human Identity Management: Standardize management, controls, and lifecycle expectations for non‑human identities. Secrets Management: Govern the secure use of cloud identities, APIs, and secrets management. Infrastructure Security and Hardening: Develop and implement secure infrastructure baselines, vulnerability management processes, and hardening standards across AWS, Azure, or GCP. IaC: Validate security configurations and leverage IaC tools such as Terraform, CloudFormation, or Bicep to ensure repeatable, auditable, and secure provisioning. Network Security: Tackle high‑impact infrastructure projects such as multi‑cloud network isolation, secure multi‑tenant use, and continuous remediation of misconfigurations. Workload Security: Guide engineering teams on secure architecture design for cloud apps, microservices, serverless services, and PaaS workloads. Container Security: Advance container and Kubernetes security by implementing runtime controls, supply‑chain security, and configuration assessments. AI & Emerging Tech: Secure in‑house and public AI/ML systems against cyber threats, adversarial attacks, and unauthorized access. Data Security and Privacy: Ensure sensitive cloud and AI data is properly encrypted, anonymized, and securely stored. Encryption Standards: Implement strong encryption configurations, checkpoint encryption, and tokenization to protect data at rest and in transit. Compliance Alignment: Develop and enforce policies to align data security and privacy measures with industry regulations and organizational governance. Monitoring, Detection, and Response: Partner with Security Operations to improve cloud application telemetry, logging, and observability. Build detection rules, monitor events using SIEM, CSPM, and CWPP, and support incident triage, investigation, and forensic analysis. What You’ll Bring: 7‑10+ years of hands‑on experience in cloud security, application security, DevSecOps, or related engineering roles. Deep knowledge of Azure and/or AWS security services, including the design and maintenance of multi‑cloud application controls. Proficiency in scripting languages (Python, Bash, PowerShell) to automate security tasks. Strong understanding of container security (Docker, Kubernetes) and IaC security (Terraform, ARM). Preferred industry certifications such as CCSP, CISSP, AWS Security Specialty, Azure Security Engineer, GCSA, or OSCP. What We Offer: Flexible time off, learning and development opportunities, comprehensive onboarding, leadership training, and peer‑nominated awards. Health and wellness benefits include medical, dental, vision, FSA, HSA, 401k match, and telehealth options. Parental leave, fertility services, surrogacy and adoption reimbursement, mortgage support, legal advisory, and financial planning tools. We celebrate diversity and maintain an inclusive culture. We strongly encourage people from underrepresented groups to apply. We do not discriminate based on race, color, religion, sex, national origin, gender identity, age, disability, pregnancy, genetic information, protected veteran status, sexual orientation, or any characteristics protected under applicable laws. ServiceTitan is committed to fair and equitable compensation for all employees. #J-18808-Ljbffr ServiceTitan, Inc.