Cloud Security & Automation Engineer

Menlo Security's mission is enabling the world to connect, communicate and collaborate securely without compromise. COVID-19 has made our mission all the more real. We support customers across various enterprises including Fortune 500 companies, 9/10 of the largest global banks and the Department of Defense. The world has fundamentally changed. We are growing from 400 employees into the next phase of our journey, and we need passionate talent filled with empathy and agility. The right candidate for the job is ethical, hyper-organized, fanatical about seeing things through to completion, service-oriented, and humble enough to take feedback and coaching yet confident enough to provide feedback and coaching. Menlo is well-funded for growth and our investors are second to none. They include Vista Equity Partners (“Vista”), General Catalyst, JPMC, American Express, HSBC, and Ericsson Ventures. Role Overview We are seeking a forward-thinking Security Engineer to join our team, focusing on SecOps for the cloud architecture supporting the product. In this role, you will operate across a complex, multi-cloud environment (AWS & GCP) comprising both traditional VMs and modern managed and unmanaged container-based architectures. As part of a lean team, your primary focus will be on the aggressive automation of security processes. You will be responsible for deploying, integrating, and monitoring Jenkins and GitLab pipelines to ensure that "Security as Code" scales seamlessly alongside our infrastructure. This includes the strategic deployment and management of CSPM, CNAPP, and CWPP tools to act as a force multiplier for the team. Your operational cadence must be built on speed and automation over manual triage. Success requires you to continuously tune alerting to ensure high-fidelity signals, reduce alert fatigue, and build automated response workflows. Ultimately, you will conduct rigorous infrastructure reviews to ensure that cloud configurations, IAM policies, and orchestration layers meet our security baselines while maintaining rapid release velocity. Key Responsibilities Multi-Cloud Governance (AWS & GCP): Deploy and manage Cloud Security Posture Management (CSPM) tools to automatically detect and remediate misconfigurations across both providers. Container Security Lifecycle: Implement Cloud Native Application Protection Platform (CNAPP) strategies by shifting left and integrating container image scanning directly into Jenkins and GitLab pipelines. Workload Protection: Deploy and tune Cloud Workload Protection Platform (CWPP) tools to monitor runtime behavior and detect anomalies in both VMs and Kubernetes pods. Advanced Automation & SOAR: Build Automated Response Playbooks to automatically enrich alerts, isolate compromised resources, and dismiss low-fidelity noise without human intervention. Infrastructure Review & Identity: Manage effective permissions across complex multi-cloud IAM structures and standardize secret management workflows. Release Readiness & Customer Trust: Collaborate closely with Technical Program Managers (TPMs) during software releases to enforce compliance standards and oversee vulnerability scanning. Additionally, respond to customer inquiries regarding the impact of Common Vulnerabilities and Exposures (CVEs) on our product. Required Skills & Qualifications Multi-Cloud Fluency: Deep architectural understanding of GCP and AWS, with the ability to manage complex IAM policies, standardizing identity, and securing networking layers across both providers. Security Automation: Proficiency in Python, Go, or Bash to write custom scripts that eliminate toil, build auto-remediation playbooks, and streamline security operations. Infrastructure as Code (IaC): Experience developing secure Terraform modules and primitives for the organization to stem from, ensuring security defaults are baked into the architecture and catching misconfigurations before deployment. Developer Enablement: Design and maintain shared CI/CD security components (SAST/SBOM/Container Scanning) that are easily adoptable by engineering teams with minimal friction. Container Security: Proven experience securing managed (EKS, GKE) and unmanaged container workloads, with a strong emphasis on automating runtime defenses and admission controllers. Pragmatic Mindset: The ability to operate pragmatically within a lean team, knowing how to prioritize risk based on runtime context and business impact rather than just chasing scanner outputs. Privileged Access Management: Proven ability to implement and manage Just-In-Time access policies to replace manual ticket and eliminating standing privileges. Federal Compliance & Citizenship: Due to the role’s involvement in federal compliance activities, the candidate is required to be a US citizen. Bonus Points Orchestration & Event-Driven Automation Expert: Proven experience designing and deploying fully automated security systems using AWS Step Functions or Google Cloud Workflows. You have a track record of building event-driven architectures that orchestrate complex, multi-stage security workflows such as automatically triggering vulnerability scans upon resource creation, aggregating and filtering reporting data, and routing high-fidelity, actionable alerts to Slack, Grafana, and other external platforms. Performance-Aware Security Engineering: Experience troubleshooting and tuning security agent performance to balance deep visibility with system stability, specifically preventing CPU/Memory exhaustion in high-traffic proxy environments. Linux Security: Understanding of Linux security primitives, specifically the use of MAC (Mandatory Access Control) like AppArmor or SELinux, DAC (Discretionary Access Control), and Linux kernel capabilities Our Compensation And Benefits At Menlo Security, Base Salary is one part of our competitive total compensation and benefits package and is determined using a salary range. The base salary range for this role is $105,000 - $185,000. In accordance with NY, CO, CA, and WA law, the range provided is Menlo Security’s reasonable estimate of the base compensation for this role. The actual amount may be higher or lower, based on non-discriminatory factors such as experience, knowledge, skills, abilities, and location. All employees may be eligible to become Menlo Security shareholders through eligibility for stock-based compensation grants, which are awarded to employees based on company and individual performance. Menlo Security does not accept unsolicited resumes from search firm recruiters. Fees will not be paid in the event a candidate submitted by a recruiter without an agreement in place is hired; such resumes will be deemed the sole property of Menlo Security. Menlo Security is an equal opportunity employer. All aspects of employment will be based on merit, competence, performance, and business needs. We do not discriminate on the basis of race, color, religion, marital status, age, national origin, ancestry, physical or mental disability, medical condition, pregnancy, genetic information, gender, sexual orientation, gender identity or expression, veteran status, or any other status protected under federal, state, or local law.

MSGL-I4

Why Menlo? Our culture is collaborative, inclusive, and fun! We have five core values: Stay Aligned, Get It Done, Customer Empathy, Think Creatively and Help Each Other Out. We believe in open communication, supporting new ideas, and sharing a mutual mindset of what we’re aiming to achieve together. There are tremendous opportunities to take initiative, implement new ideas, and have a hand in building a legacy. All qualified applicants will receive consideration for employment without regard to race, sex, color, religion, sexual orientation, gender identity, national origin, protected veteran status, or on the basis of disability . TO ALL AGENCIES: Please, no phone calls or emails to any employee of Menlo Security outside of the Talent organization. Menlo Security’s policy is to only accept resumes from agencies via Ashby (ATS). Agencies must have a valid services agreement executed and must have been assigned by the Talent team to a specific requisition. Any resume submitted outside of this process will be deemed the sole property of Menlo Security. In the event a candidate submitted outside of this policy is hired, no fee or payment will be paid. #J-18808-Ljbffr Menlo Security Inc.