Senior Security Engineer Cloud Defense & Incident Response

• We are looking for a Senior Security Engineer with 810 years of hands-on experience to be a force multiplier in our Cloud Security and Incident Response program. This is a deeply technical, individual-contributor role reporting to the Associate Director of Security Engineering in a high-velocity, AI-first company.
• You will own detection, response, and hardening for our multi-cloud environment (AWS, GCP, Azure) while driving real-time defense against sophisticated threats targeting our infrastructure and AI workloads.
• This is a boots-on-the-ground role: youll hunt threats, lead incidents, write detection logic, harden cloud configurations with code, and eliminate entire classes of risk before attackers can exploit them.

The Impact

• Be the tip-of-the-spear defender for petabyte-scale AI infrastructure.
• Directly stop nation-state and financially motivated attackers.
• Equity in a high-growth AI company.
• Remote-first, global team with deep trust and autonomy.
• Work side-by-side with world-class platform engineers and AI researchers.

Key Responsibilities

• Cloud Threat Detection & Response Build, tune, and operationalize high-signal detection content (Sigma, YARA-L, cloud-native logs, EDR) across AWS, GCP, and Azure. Lead investigation and response for cloud-native incidents end-to-end.
• Incident Commander & Forensics Serve as on-call Incident Commander for major security events. Perform rapid compromise assessment, memory forensics, cloud artifact collection, and root-cause analysis.
• Cloud Platform Hardening Own least-privilege IAM policies, guardrails (SCP, Azure Policy, Config rules), workload identity federation, and hardened landing-zone standards using Infrastructure-as-Code (Terraform, Pulumi, Crossplane).
• Threat Hunting Proactively hunt across cloud control plane, data plane, and workloads for living-off-the-land techniques, supply-chain compromise, and AI-specific threats (model theft, training data exfil).
• Automation & Tooling Build and maintain security automation (SOAR playbooks, Lambda/SOAR responders, custom detection tooling) to reduce MTTD/MTTR.
• Red Team Collaboration Partner with internal red team and external pentesters to validate detections and drive remediation of systemic cloud risks.
• Security Champions & Enablement Mentor engineers on secure cloud patterns and deliver lunch-and-learn threat briefings tied to real incidents.

Required Qualifications

• 8-10+ years of hands-on experience in cloud security and incident response.
• Expert-level operational experience with at least two of AWS, GCP, or Azure (the third is a strong plus).
• Proven track record leading complex, real-world incident response in cloud environments (ransomware, APT, credential abuse, etc.).
• Strong scripting/programming skills (Python/Go + heavy Terraform or equivalent IaC).
• Deep knowledge of cloud attack techniques: IAM privilege escalation, container escapes, SSRF to metadata, living-off-the-cloud, etc.
• Experience writing and tuning detection rules in Splunk, Elastic, Panther, Datadog Security, or similar.
• Relevant certifications (preferred): GCIH, GCFA, GNFA, AWS Certified Security Specialty, Azure Security Engineer, Google Professional Cloud Security Engineer, CCSP.

Preferred Skills

• Experience responding to AI-specific incidents (training cluster breaches, model exfiltration, poisoned datasets).
• Contributions to open-source detection content or DFIR tools.
• Prior offensive experience (red team, pen testing) applied to blue-team outcomes.
• Familiarity with MITRE ATT&CK for IaaS/PaaS and the emerging AI Threat Matrix.