Senior Product Security Engineer, Cloud Security

Working at Atlassian

• Security Assessments & Threat Modeling:

  Collaborate with engineering teams to conduct security assessments and threat modeling for cloud-native and SaaS products.

• Secure Architecture & Design Reviews:

  Review and influence the design of cloud architectures (AWS, GCP, Azure), ensuring robust security controls and secure-by-default practices.

• Automation & Detection:

  Develop and maintain automation for security controls, reducing manual effort in detecting and remediating security gaps.

• Operational Excellence:

  Drive improvements to the operational quality of features built by your team, including documentation, reusable standards, reliability, and performance.

• Mentorship & Collaboration:

  Mentor engineers, share knowledge, and contribute to a collaborative and inclusive environment.

• Continuous Improvement:

  Identify opportunities to improve security processes and tooling, and share improvements to benefit other teams.

• Incident Response:

  Participate in cloud security incident investigations and drive remediation efforts.

• Stakeholder Engagement:

  Communicate security risks and solutions to both technical and non-technical stakeholders, influencing decision-making and adoption of security best practices

• 10+ years of experience working in security-focused roles, with a strong emphasis on cloud security.
• Demonstrated experience collaborating with engineering teams to conduct security assessments and threat modeling for SaaS and cloud-native products.
• Hands-on expertise in cloud security, with a focus on AWS, GCP, and/or Azure, and experience with container security (Docker, Kubernetes).
• Review and influence the design of cloud architectures (AWS, GCP, Azure), ensuring robust security controls and secure-by-default practices. Involves security assessments for highly regulated cloud environments and offerings, such as Isolated, Private, Government and FedRamp environments.
• Experience overseeing security design reviews for services transitioning to micro-services architectures.
• Proficiency in at least one programming language (for example, Python, Go, Java, or JavaScript) and scripting for automation.
• Experience integrating security into CI/CD pipelines and infrastructure as code (IaC).
• Ability to communicate complex security concepts clearly and influence engineering teams.
• Experience mentoring or coaching other engineers and contributing to a collaborative team environment

• Bachelor-s or Master-s degree in Computer Science, Information Security, or a related field (or equivalent practical experience).
• Strong understanding of cloud security architecture, zero trust, data isolation, encryption, and multi-tenancy.
• Experience with infrastructure as code, secrets management, and integrating security into the SDLC.
• Familiarity with detection engineering, cloud logs, IAM graphs, and alert tuning.
• Ability to balance UX/developer needs with security requirements.
• Excellent communication and collaboration skills.
  

• Experience writing software that enables security processes.
• CVEs to or contributions to open-source security software.
• Delivered industry presentations or published security research.
• Experience with serverless architectures or securing containerized workloads
• Contributions to open-source security software
• Delivered industry presentations