Staff Cloud Security Engineer

We are seeking an experienced Cloud Security Engineer to shape the security foundation of our modern cloud environments and next-generation applications. In this high-impact role, you will design cutting-edge automated security controls, harden multi-cloud infrastructure, and champion secure development practices across the organization. If you are passionate about cloud security, DevSecOps, and staying ahead of emerging threats, this role puts you right at the center of innovation. What You’ll Do: DevSecOps and Automation Pipeline Integration: Integrate robust security controls directly into CI/CD platforms such as GitHub, GitLab, Jenkins, or Azure DevOps. Automated Scanning: Evaluate and implement pipeline-based security Infrastructure as Code (IaC) scanning. Manage and configure IaC scanning tools to surface true risk. Developer Feedback Loops: Build and optimize developer feedback loops and automated remediation workflows to ensure software is secure by default. Develop automated scripts using Python, Bash, or PowerShell to streamline security processes. Identity and Access Management (IAM) Cloud Identity Controls: Build and maintain IAM security controls across cloud platforms, assessing policies to enforce the principle of least privilege. Non-Human Identity Management: Standardize management, security controls, and lifecycle expectations with regard to non-human identity. Secrets Management: Govern the secure use of cloud identities, Application Programming Interfaces (APIs), and secrets management. Infrastructure Security and Hardening Cloud Posture: Develop and implement secure infrastructure baselines, vulnerability management processes, and hardening standards across AWS, Azure, or GCP environments. Infrastructure as Code (IaC): Validate security configurations and leverage IaC tools like Terraform, CloudFormation, or Bicep to ensure repeatable, auditable, and secure infrastructure provisioning. Network Security: Tackle high-impact infrastructure projects such as multi‑cloud network isolation, secure multi‑tenant use, and continuous remediation of discovered misconfigurations. Workload Security Cloud‑Native Architectures: Guide engineering teams on secure architecture design for cloud apps, microservices, serverless services, and PaaS workloads. Container Security: Advance container and Kubernetes security by implementing runtime controls, supply‑chain security, and configuration assessments. AI & Emerging Tech: Secure in‑house and public AI/ML systems against cyber threats, adversarial attacks, and unauthorized access, ensuring models and data pipelines are protected throughout the solution lifecycle. Data Security and Privacy Data Protection: Ensure that sensitive cloud and AI data is properly encrypted, anonymized, and securely stored. Encryption Standards: Assess and implement strong encryption configurations, checkpoint encryption, and tokenization to protect data at rest and in transit. Compliance Alignment: Develop and enforce policies to align data security and privacy measures with industry regulations, ethical standards, and organizational governance requirements. Monitoring, Detection, and Response Telemetry & Visibility: Partner with Security Operations to improve cloud application telemetry, logging, and observability. Help expand monitoring capabilities by onboarding log sources and building detection rules for cloud-based threats. Threat Detection: Monitor and analyze security events using SIEM, Cloud Security Posture Management (CSPM), and Cloud Workload Protection Platforms (CWPP). Incident Response: Support the triage, investigation, and forensic analysis of cloud-based application or pipeline security incidents, working collaboratively to contain and mitigate threats. What You’ll Bring: Experience: 5+ years of hands‑on experience in cloud security, application security, DevSecOps, or related engineering roles. Cloud Expertise: Deep hands‑on experience with Azure and/or AWS security services, including the design and maintenance of multi‑cloud application controls. Technical Skills: Proficiency in scripting (Python, Bash, PowerShell) to automate security tasks. Strong understanding of container security (Docker, Kubernetes) and IaC security (Terraform, ARM). Certifications: Industry certifications such as CCSP, CISSP, AWS Security Specialty, Azure Security Engineer, GCSA, or OSCP are highly preferred. Why this role? Transformative Impact: You will have a proactive, “builder” mindset with a passion for improving processes and reducing risk, directly driving scalable solutions across our real-world infrastructure. Cross‑Functional Collaboration: You will work closely with diverse engineering, DevOps, and product teams to ensure secure solution delivery, translating complex security concepts for both technical and non‑technical stakeholders. Continuous Growth: Join a dynamic team where you will continuously adapt to evolving challenges, stay ahead of emerging cloud threats, and explore the secure integration of frontier AI workloads. Be Human With Us Being human isn’t about checking every box on a list. It’s about the experiences we have, people we meet, and the perspectives we share. So, if you have the skills but are hesitant to apply because of your background, apply anyway. We need amazing people like you to help us challenge the conventional and think differently about the problems that we’re solving. We’re in this together. Come be human, with us. Use of AI Technology We use technology, including automated and AI‑assisted tools, to support certain aspects of our recruitment process. These tools are designed to improve efficiency and enhance the candidate experience. AI tools are not used to make hiring decisions; all hiring decisions are made by our hiring teams. What We Offer Flextime, recognition, and support for autonomous work: Flexible time off with ample learning and development opportunities to continue growing your career. We offer a comprehensive onboarding program, leadership training for Titans at all levels, and other programs and events. Great work is rewarded through Bonusly, peer‑nominated awards, and more. Holistic health and wellness benefits: Company‑paid medical, dental, and vision (with 100% employer‑paid options and 90% coverage for dependents), FSA and HSA, 401k match, and telehealth options including memberships to One Medical. Support for Titans at all stages of life: Parental leave and support, up to $20 k in fertility services (i.e. IUI and IVF), surrogacy, and adoption reimbursement, on‑demand maternity support through Maven Maternity, free breast milk shipping through Maven Milk, pet insurance, legal advisory services, financial planning tools, and more. At ServiceTitan, we celebrate individuality and uniqueness. We believe that the convergence of fresh perspectives and experiences from all walks of life is what makes our product and culture so great. We strongly encourage people from underrepresented groups to apply. We do not discriminate against employees based on race, color, religion, sex, national origin, gender identity or expression, age, disability, pregnancy (including childbirth, breastfeeding, or related medical condition), genetic information, protected military or veteran status, sexual orientation, or any other characteristic protected by applicable federal, state or local laws. ServiceTitan is committed to fair and equitable compensation for all of our employees. We thoughtfully consider a wide range of factors when determining individual compensation. The expected salary range for this role for candidates residing in the United States is between $137,900 USD - $184,500 USD. Compensation for candidates residing outside the United States will vary by location and the specific salary range will be discussed during the hiring process. Actual compensation for an individual may vary depending on skills, performance over time, qualifications, experience, and location. In addition to the base salary, the total compensation package also includes an annual bonus, equity and a holistic suite of benefits. #J-18808-Ljbffr ServiceTitan