Communicating Between Technical and Non-Technical Colleagues

As a Staff Data Engineer, you will communicate effectively with technical and non-technical stakeholders, support and host discussions within a multidisciplinary team, and be an advocate for the team externally.

Data Analysis and Synthesis

You will undertake data profiling and source system analysis, present clear insights to colleagues to support the end use of the data.

Data Development Process

You will design, build and test data products that are complex or large scale, build teams to complete data integration services.

Data Innovation

You will understand the impact on the organization of emerging trends in data tools, analysis techniques and data usage.

Data Integration Design

You will select and implement the appropriate technologies to deliver resilient, scalable and future-proofed data solutions and integration pipelines.

Data Modeling

You will produce relevant data models across multiple subject areas, explain which models to use for which purpose, understand industry-recognised data modelling patterns and standards, and when to apply them, compare and align different data models.

Metadata Management

You will design an appropriate metadata repository and present changes to existing metadata repositories, understand a range of tools for storing and working with metadata, provide oversight and advice to more inexperienced members of the team.

Problem Resolution

You will respond to problems in databases, data processes, data products and services as they occur, initiate actions, monitor services and identify trends to resolve problems, determine the appropriate remedy and assist with its implementation, and with preventative measures.

Programming and Build

You will use agreed standards and tools to design, code, test, correct and document moderate-to-complex programs and scripts from agreed specifications and subsequent iterations, collaborate with others to review specifications where appropriate.

Technical Understanding

You will understand the core technical concepts related to the role, and apply them with guidance.

Testing

You will review requirements and specifications, and define test conditions, identify issues and risks associated with work, analyse and report test activities and results.

XML job scraping automation by YubHub

As part of the Anthropic security department, the compliance team owns understanding security and AI safety expectations, as established by regulators, customers, and industry norms. The compliance team uses this understanding to provide direction to internal partners on the priorities of security and safety requirements they must meet.

Responsibilities

• Operate Anthropic's HIPAA compliance review program, executing on HIPAA obligations across the product portfolio.
• Run a dedicated HIPAA review track in parallel with the Product Security Review (PSR) process, applying compliance checklist to every in-scope change and recording a complete, auditable disposition before release.
• Build and maintain change monitoring mechanisms to catch HIPAA-relevant changes , including default setting changes and incremental updates.
• Partner with product and engineering teams upstream to ensure HIPAA considerations are built into first releases rather than addressed as post-launch remediations.
• Assess and document PHI data flows, infrastructure boundaries, and control coverage across Anthropic's cloud-native product environments.
• Write, update, and enact HIPAA policies, checklists, deployment guides, and audit evidence packages.
• Manage Business Associate Agreement (BAA) obligations and coordinate with legal and external counsel on PHI determination questions and emerging regulatory requirements.
• Contribute to Anthropic's broader compliance program, including adjacent frameworks (SOC 2, ISO 27001, NIST 800-53) where they intersect with HIPAA obligations.

Requirements

• 3+ years of progressive experience in compliance roles, including direct ownership of a HIPAA compliance program at a technology company
• Evaluated PHI data flows and infrastructure boundaries in cloud-native environments (AWS, GCP, or Azure) and can assess HIPAA exposure without always needing to escalate to legal
• Designed and operated a compliance review mechanism integrated into a product development or release process
• Translate HIPAA technical compliance requirements into actionable workstreams for engineering and product teams
• Deliver clear, precise compliance documentation , policies, checklists, audit evidence, deployment guides , for both technical and non-technical audiences
• Thrive in fast-paced, ambiguous environments where you're expected to build processes from scratch and keep them working under rapid product change
• Energized by being the organizational expert who educates and influences rather than only advises

Preferred Qualifications

• Worked in AI/ML or developer-platform companies and understand the unique challenges of PHI exposure in model inference and API environments
• HITRUST CSF experience or experience mapping HIPAA requirements to HITRUST controls
• Implemented or significantly contributed to compliance automation or GRC tooling integrations
• Relevant certifications (CHPC, HCISPP, CISA, CISM, CISSP, or equivalent)

What We Offer

• Annual compensation range: $255,000-$255,000 USD
• Minimum education: Bachelor's degree or an equivalent combination of education, training, and/or experience
• Required field of study: A field relevant to the role as demonstrated through coursework, training, or professional experience
• Minimum years of experience: Years of experience required will correlate with the internal job level requirements for the position
• Location-based hybrid policy: Currently, we expect all staff to be in one of our offices at least 25% of the time. However, some roles may require more time in our offices.
• Visa sponsorship: We do sponsor visas! However, we aren't able to successfully sponsor visas for every role and every candidate. But if we make you an offer, we will make every reasonable effort to get you a visa, and we retain an immigration lawyer to help with this.

How to Apply

If you're interested in this role, please submit your application through our website. We encourage you to apply even if you do not believe you meet every single qualification. Not all strong candidates will meet every single qualification as listed. Research shows that people who identify as being from underrepresented groups are more prone to experiencing imposter syndrome and doubting the strength of their candidacy, so we urge you not to exclude yourself prematurely and to submit an application if you're interested in this work.

XML job scraping automation by YubHub

You will design, build, and maintain detections that identify malicious activity across Stripe's infrastructure, applications, and cloud environments.

Responsibilities

• Design, build, and tune high-fidelity detections across modern SIEM platforms, covering adversary TTPs across the full attack lifecycle
• Develop detection hypotheses by researching TTPs, identifying evidence sources, and determining detection opportunities across available telemetry
• Conduct hypothesis-driven threat hunts to identify malicious activity, uncover detection gaps, and validate security controls
• Perform malware analysis and reverse engineering to extract indicators and inform detection strategies
• Build network-based detections (flow, pcap, protocol analysis) and endpoint-based detections (event logs, EDR telemetry, memory/file artifacts) across Windows, Linux, and macOS
• Partner with Threat Intelligence to operationalize intel reports into detections, hunting leads, and enrichment logic
• Collaborate with IR, SOC, and offensive security teams to validate and refine detections based on real-world incidents and red team exercises
• Build data pipelines, automation, and tooling that enable detection-as-code practices and scalable deployment
• Map detection coverage to MITRE ATT&CK, identifying and prioritizing gaps across key attack surfaces
• Lead projects, mentor teammates, and champion quality standards within the team

Requirements

• 5+ years of experience in detection engineering, threat hunting, or security operations
• Demonstrated experience writing detection logic in modern SIEM platforms (e.g., Splunk, Chronicle, Elastic, CrowdStrike NG-SIEM, Panther, Microsoft Sentinel)
• Strong understanding of adversary tradecraft across the attack lifecycle: initial access, privilege escalation, lateral movement, defense evasion, persistence, and exfiltration
• Ability to extract TTPs from threat intelligence reports and translate them into detection opportunities
• Experience developing network-based and endpoint-based detections across multiple OS platforms (Windows, Linux, macOS)
• Experience analyzing telemetry across endpoint, network, cloud (AWS/GCP/Azure), identity, and application log sources
• Proficiency in detection/query languages (SPL, KQL, EQL, YARA-L, SQL) and programming (Python or similar)
• Strong communication skills with the ability to document detection logic and explain findings to technical and non-technical audiences
• Adversarial mindset , understanding how attackers operate to build detections that catch real-world threats

Preferred Qualifications

• Experience in detection engineering or threat hunting within fintech, financial services, or highly regulated environments
• Background in malware analysis, reverse engineering, or threat research
• Experience with purple team operations , collaborating with offensive security to validate detections
• Familiarity with big data platforms (Databricks, Trino, PySpark) for large-scale log analysis
• Proficiency with AI/LLM-assisted development tools (Claude Code, Cursor, GitHub Copilot) applied to detection workflows
• Interest in agentic automation , using LLMs to augment hunting, tuning, or triage
• Experience with detection validation tools (Atomic Red Team, ATT&CK Evaluations)
• Contributions to open-source detection content, research, or conference presentations
• Relevant certifications such as HTB CDSA, GCIH, GCFA, GNFA, OSCP, TCM PMAT, or GREM

XML job scraping automation by YubHub

Anduril Industries is a defense technology company with a mission to transform U.S. and allied military capabilities with advanced technology. By bringing the expertise, technology, and business model of the 21st century's most innovative companies to the defense industry, Anduril is changing how military systems are designed, built, and sold.

As the world enters an era of strategic competition, Anduril is committed to bringing cutting-edge autonomy, AI, computer vision, sensor fusion, and networking technology to the military in months, not years.

ABOUT THE JOB

SDANet and other programs are standing up Lattice stacks on AWS and Azure environments to integrate with mission partners. In this role, you will be responsible for researching, understanding, and planning the deployment strategy into classified government cloud infrastructure. You will design cloud networking and engineering solutions to meet security, cost, and performance requirements, and deploy Anduril software into government infrastructure, promoting it through various stages.

A significant part of your duties will involve identifying and triaging Kubernetes issues in the deployed environment, developing response and mitigation plans, and partnering with government platform management to address these issues effectively. You will be tasked with designing and implementing requirements for observability, alerting, and maintenance to ensure smooth operations.

Additionally, you will deliver and maintain accreditation artifacts and standards for the environments and systems you are responsible for. You will stand up and maintain representative environments at the unclassified level for testing and development purposes, and provide direct in-person expertise during mission-critical periods.

Ensuring the deployed system meets security and compliance requirements through regular updates and host OS patching will also be part of your responsibilities. Your role is crucial to maintaining the integrity and performance of the deployed infrastructure.

REQUIRED QUALIFICATIONS

• 5+ years of working experience in DevOps or SRE type roles
• Strongly proficient in utilizing cloud services like AWS, Azure, or Google Cloud Platform
• Experience with IaC (Terraform, Cloudformation, Puppet, Ansible, etc)
• Strong experience with containerization technologies such as Docker and orchestration tools like Kubernetes and Helm
• Deep understanding of networking concepts, TCP/IP protocols, and security best practices
• Programming ability in one or more of the general scripting languages (Python, Go, Bash, Rust, etc)
• Strong problem-solving skills and the ability to work well under pressure
• Excellent communication and collaboration skills to work effectively with cross-functional teams and develop internal roadmaps based on the needs of other teams
• Experience deploying complex and scalable infrastructure solutions
• Relevant certifications such as AWS Certified Solutions Architect, Microsoft Certified Solutions Expert, or Google Cloud Certified Professional
• Currently possesses and is able to maintain an active U.S. Secret security clearance
• Eligible to obtain and maintain an active U.S. Top Secret security clearance

PREFERRED QUALIFICATIONS

• Extensive expertise in Kubernetes and Helm
• Hold a DoD 8570 IAT Level 1 or 2 certification
• Cisco Certified Network Associate (CCNA)
• Experience with government Cyber certification processes
• Experience installing, sustaining, and troubleshooting data systems for DoD or otherwise sensitive customers
• Familiarity with DoD-managed network enclaves (NIPR, SIPR, etc.)
• Military service background (particularly with Space experience)

US Salary Range $129,000-$171,000 USD

The salary range for this role is an estimate based on a wide range of compensation factors, inclusive of base salary only. Actual salary offer may vary based on (but not limited to) work experience, education and/or training, critical skills, and/or business considerations. Highly competitive equity grants are included in the majority of full-time offers; and are considered part of Anduril's total compensation package.

Additionally, Anduril offers top-tier benefits for full-time employees, including:

• Healthcare Benefits - US Roles: Comprehensive medical, dental, and vision plans at little to no cost to you.
• UK & AUS Roles: We cover full cost of medical insurance premiums for you and your dependents.
• IE Roles: We offer an annual contribution toward your private health insurance for you and your dependents.
• Income Protection: Anduril covers life and disability insurance for all employees.
• Generous time off: Highly competitive PTO plans with a holiday hiatus in December.
• Caregiver & Wellness Leave is available to care for family members, bond with a new baby, or address your own medical needs.
• Family Planning & Parenting Support: Coverage for fertility treatments (e.g., IVF, preservation), adoption, and gestational carriers, along with resources to support you and your partner from planning to parenting.
• Mental Health Resources: Access free mental health resources 24/7, including therapy and life coaching.
• Additional work-life services, such as legal and financial support, are also available.
• Professional Development: Annual reimbursement for professional development.
• Commuter Benefits: Company-funded commuter benefits based on your region.
• Relocation Assistance: Available depending on role eligibility.
• Retirement Savings Plan - US Roles: Traditional 401(k), Roth, and after-tax (mega backdoor Roth) options.
• UK & IE Roles: Pension plan with employer match.
• AUS Roles: Superannuation plan.

The recruiter assigned to this role can share more information about the specific compensation and benefit details associated with this role during the hiring process.

Protecting Yourself from Recruitment Scams

Anduril is committed to maintaining the integrity of our Talent acquisition process and the security of our candidates. We've observed a rise in sophisticated phishing and fraudulent schemes where individuals impersonate Anduril representatives, luring job seekers with false interviews or job offers. These scammers often attempt to extract payment or sensitive personal information.

To ensure your safety and help you navigate your job search with confidence, please keep the following critical points in mind:

• No Financial Requests: Anduril will never solicit payment or demand personal financial details (such as banking information, credit card numbers, or social security numbers) at any stage of our hiring process. Our legitimate recruitment is entirely free for candidates.

XML job scraping automation by YubHub

This is a highly visible, high-impact role where identity sits at the center of security. You will define how access is granted, changed, and removed across the organization, enabling business velocity while enforcing least privilege and strong governance.

Key responsibilities include:

Design and scale enterprise identity architecture that minimizes access sprawl and enforces least privilege

Own and improve Joiner, Mover, and Leaver (JML) lifecycle processes across all critical systems

Build and operate identity governance and administration (IGA) capabilities including birthright access models, role-based access control (RBAC), approval workflows and policy enforcement, access reviews and certification processes

Administer and enhance Okta capabilities (SSO, MFA, adaptive policies, lifecycle management, SCIM, integrations)

Build and scale access request workflows in Opal and integrated systems

Integrate new applications into the identity ecosystem (SAML, OIDC, SCIM, role mapping)

Develop automation and infrastructure-as-code to improve reliability and reduce manual effort

Partner with Security to strengthen identity as a core control plane (Zero Trust, authentication, authorization)

Align identity systems with PeopleOps and organizational changes

Monitor and improve identity system health, observability, and performance

Troubleshoot complex authentication, provisioning, and authorization issues

Maintain documentation, runbooks, and architectural standards

Serve as an escalation point for identity-related incidents

Drive continuous improvement in identity architecture, governance, and user experience

Requirements include:

7–10+ years of experience in IT systems engineering, identity engineering, or systems architecture

Deep hands-on experience with Okta in a complex enterprise environment

Strong expertise in identity and access concepts (SSO, MFA, SAML, OAuth, OIDC, SCIM, RBAC, Zero Trust)

Proven experience designing lifecycle automation (JML) and access governance frameworks

Experience with IGA or access request platforms such as Opal

Strong automation and infrastructure-as-code experience (Terraform, APIs, Python/PowerShell/Golang)

Ability to integrate enterprise applications into centralized identity platforms

Strong troubleshooting skills across identity, federation, and provisioning systems

Excellent communication skills with the ability to influence cross-functional stakeholders

Preferred qualifications include familiarity with Active Directory, Entra ID, HRIS systems, and SaaS ecosystems, experience building identity observability and reporting, and relevant certifications (Okta, cloud, or security).

Why CoreWeave?

At CoreWeave, we work hard, have fun, and move fast! We're in an exciting stage of hyper-growth that you will not want to miss out on. We're not afraid of a little chaos, and we're constantly learning. Our team cares deeply about how we build our product and how we work together, which is represented through our core values:

Be Curious at Your Core

Act Like an Owner

Empower Employees

Deliver Best-in-Class Client Experiences

Achieve More Together

Why This Role Matters

Identity is one of the most critical control planes in a modern enterprise. In this role, you will define how secure access is managed across CoreWeave, ensuring identity remains a foundational pillar of security, compliance, and scale.

The base salary range for this role is $188,000 to $275,000. The starting salary will be determined based on job-related knowledge, skills, experience, and market location. We strive for both market alignment and internal equity when determining compensation. In addition to base salary, our total rewards package includes a discretionary bonus, equity awards, and a comprehensive benefits program (all based on eligibility).

What We Offer

The range we've posted represents the typical compensation range for this role. To determine actual compensation, we review the market rate for each candidate which can include a variety of factors. These include qualifications, experience, interview performance, and location.

In addition to a competitive salary, we offer a variety of benefits to support your needs, including medical, dental, and vision insurance, company-paid life insurance, voluntary supplemental life insurance, short and long-term disability insurance, flexible spending account, health savings account, tuition reimbursement, ability to participate in employee stock purchase program (ESPP), mental wellness benefits through Spring Health, family-forming support provided by Carrot, paid parental leave, flexible, full-service childcare support with Kinside, 401(k) with a generous employer match, flexible PTO, catered lunch each day in our office and data center locations, a casual work environment, and a work culture focused on innovative disruption.

XML job scraping automation by YubHub

This opportunity is unique. Anthropic is expanding HIPAA coverage across its product portfolio , including Claude Code, the Claude Developer Platform, and Claude Cowork , and we need to build the compliance infrastructure to match that expansion. We are looking for someone to own HIPAA compliance operations end-to-end, not just advise on it.

Responsibilities:

Operate Anthropic’s HIPAA compliance review program, executing on HIPAA obligations across the product portfolio.

Run a dedicated HIPAA review track in parallel with the Product Security Review (PSR) process, applying compliance checklist to every in-scope change and recording a complete, auditable disposition before release.

Build and maintain change monitoring mechanisms to catch HIPAA-relevant changes , including default setting changes and incremental updates.

Partner with product and engineering teams upstream to ensure HIPAA considerations are built into first releases rather than addressed as post-launch remediations.

Assess and document PHI data flows, infrastructure boundaries, and control coverage across Anthropic’s cloud-native product environments.

Write, update, and enact HIPAA policies, checklists, deployment guides, and audit evidence packages.

Manage Business Associate Agreement (BAA) obligations and coordinate with legal and external counsel on PHI determination questions and emerging regulatory requirements.

Contribute to Anthropic’s broader compliance program, including adjacent frameworks (SOC 2, ISO 27001, NIST 800-53) where they intersect with HIPAA obligations.

You may be a good fit if you:

Have 3+ years of progressive experience in compliance roles, including direct ownership of a HIPAA compliance program at a technology company

Have evaluated PHI data flows and infrastructure boundaries in cloud-native environments (AWS, GCP, or Azure) and can assess HIPAA exposure without always needing to escalate to legal

Have designed and operated a compliance review mechanism integrated into a product development or release process

Can translate HIPAA technical compliance requirements into actionable workstreams for engineering and product teams

Deliver clear, precise compliance documentation , policies, checklists, audit evidence, deployment guides , for both technical and non-technical audiences

Thrive in fast-paced, ambiguous environments where you’re expected to build processes from scratch and keep them working under rapid product change

Are energized by being the organisational expert who educates and influences rather than only advises

Strong candidates may also:

Have worked in AI/ML or developer-platform companies and understand the unique challenges of PHI exposure in model inference and API environments

Have HITRUST CSF experience or experience mapping HIPAA requirements to HITRUST controls

Bring experience from high-growth technology companies where compliance programs had to scale alongside rapid product expansion

Have implemented or significantly contributed to compliance automation or GRC tooling integrations

Possess relevant certifications (CHPC, HCISPP, CISA, CISM, CISSP, or equivalent)

Candidates need not have:

Done everything on this list before , we value learning agility and willingness to tackle novel compliance challenges in the AI space

XML job scraping automation by YubHub

This role is responsible for the configuration, maintenance, monitoring, and continuous improvement of physical security systems to ensure the safety of personnel, facilities, and assets.

Key responsibilities include: Administering and maintaining cloud-based access control platforms, such as Verkada, Alta Access, and Feenics. Managing system configuration, including users, roles, credentials, schedules, door groups, and hardware devices. Supporting programming of access control systems for new construction and facility expansions, including panel configuration, reader assignments, door logic, alarm inputs/outputs, and elevator control integration. Overseeing system commissioning, functional testing, acceptance testing, and turnover documentation. Monitoring system health, troubleshooting hardware and software issues, and coordinating repairs with vendors. Maintaining security system documentation, including system architecture, SOPs, and access control policies. Ensuring compliance with company policies, industry standards, and regulatory requirements, such as ISO 27001, NIST 800, and FIPS. Supporting security audits and investigations by generating reports, reviewing logs, and analysing access data. Partnering with IT to ensure proper network configuration, cybersecurity controls, and secure cloud connectivity. Providing training and guidance to security staff and system users.

Qualifications include: 5+ years of experience administering enterprise physical security systems. Strong knowledge of access control hardware, including controllers, readers, locks, and panels. Experience with cloud-managed video surveillance systems. Understanding of networking fundamentals, including TCP/IP, VLANs, PoE, and firewalls. Familiarity with identity management concepts and role-based access control (RBAC). Experience supporting multi-site or distributed environments. Strong troubleshooting and analytical skills. Excellent written and verbal communication skills.

Preferred skills include: Ability to manage sensitive information with discretion. Knowledge of network architecture and cloud-based systems. Experience with enterprise access control platforms. Relevant certifications, such as Lenel, Verkada, CCure, Feenics, and Alta.

XML job scraping automation by YubHub

In this role, you will establish and test security guardrails for code, cloud resources, and infrastructure components throughout the Anchorage platform. You will monitor and respond to security events and configuration anomalies across the organization, leading investigation and containment efforts. You will manage the full vulnerability lifecycle from discovery through remediation, tracking progress and ensuring timely closure of findings.

You will lead or substantially contribute to Security Operations initiatives with minimal oversight, coordinating across team boundaries to drive projects to completion. You will break complex security problems into manageable workstreams with accurate scope and time estimates. Present options clearly and provide well-reasoned priority recommendations.

Deliver assurance artifacts and evidence for regulated entity requirements, supporting audit and compliance efforts. Balance speed of response with thoroughness of investigation, adapting approach based on risk and business impact.

You will understand and help implement the company's security strategy by participating in planning and defining Security Operations goals in alignment with Anchorage Digital's overall objectives. Stay alert to emerging threats, vulnerabilities, and industry trends that could affect organizational security posture.

Consider security holistically across the product ecosystem,applications, infrastructure, and third-party integrations,while fostering a security-first culture. Collaborate cross-functionally with Engineering, Infrastructure, and Compliance teams to embed security into development and operational processes.

Share knowledge broadly across the team through documentation, runbooks, and post-incident reviews, preventing single points of failure. Partner with engineering teams to explain security risks and remediation approaches, translating technical findings into actionable guidance.

Collaborate across teams to review security configurations, triage findings, and engage in technical discussions. Communicate insights and recommendations clearly to improve processes. Demonstrate empathy by understanding others' context, priorities, and constraints,adapting communication style to maximize effectiveness with both technical and non-technical audiences.

XML job scraping automation by YubHub

You will be responding to customer cybersecurity assessments and questionnaires with accuracy and timeliness. This involves coordinating with internal stakeholders to gather and verify information aligned with customer requirements, reviewing contracts and documentation to extract and modify relevant security and compliance data, and supporting the development and maintenance of internal processes and documentation for assessment responses.

Key responsibilities include identifying trends in customer requests and contributing to continuous process improvements, maintaining accurate records and knowledge base content to streamline future assessments, and providing feedback and metrics to executive management to enhance visibility and decision-making.

To succeed in this role, you will need an associate degree or higher in a relevant field, minimum of 2 years of professional experience in compliance, risk, legal, consulting, or operations, and excellent written English skills (C2 level).

The ideal candidate will be meticulous and detail-oriented, proactive and eager to learn, and an excellent communicator, both written and verbal. You will also be collaborative and comfortable working across cultures, adaptable to changing priorities and fast-paced environments, customer-focused with a strong sense of ownership, and resourceful and able to solve problems independently.

As a member of our global, cross-functional team dedicated to supporting customer cybersecurity assessments and compliance initiatives, you will collaborate closely with legal, operations, IT, and executive management to deliver high-quality security responses and drive continuous improvement.

XML job scraping automation by YubHub

In this role, you will own cloud security across GCP (primary) and supplemental environments in AWS and Azure, as well as containerized systems, SaaS platforms, and our multi-tenant AI infrastructure. You’ll improve our security posture through strong architecture, posture management, secure-by-default development practices, and close partnership with Engineering, Compliance, Security Architecture, and Platform teams.

This is a highly impactful, hands-on leadership role—perfect for someone who wants to solve complex security challenges at scale while influencing product, engineering, and go-to-market teams.

Cloud Security Engineering

• Lead configuration hardening across GCP, with additional oversight of workloads and integrations running in AWS and Azure.
• Own and optimise CSPM platforms across multi-cloud environments—establishing configuration baselines, guardrails, and remediation workflows.
• Secure critical SaaS platforms, ensuring proper configurations, access controls, and engineering integrations.
• Lead infrastructure vulnerability management across multi-cloud systems, containers, registries, and platform services.
• Enhance security across containerised and Kubernetes (GKE/EKS/AKS) workloads, including runtime protections, network policies, and workload identity.
• Assess secure logging configurations across cloud/SaaS providers, ensuring audit logs, retention, and routing meet monitoring and architecture needs.

Secure Development & Architecture Enablement

• Partner with engineering teams to make services secure by default, embedding security into development workflows, CI/CD pipelines, and cloud-native deployments.

Cross-Functional Responsibilities

• Collaborate with Security Monitoring, Compliance/GRC, Architecture, DevOps, Platform Engineering, and ML Infrastructure.
• Participate in communicating security advisories, best practices, and updates to Replit’s customers.
• Support incident investigations as a cloud security subject-matter expert.

Required Skills & Experience:

• 7+ years of experience in cloud engineering, with 3+ years in a senior or lead role.
• Hands-on experience with CSPM tools (Wiz, Lacework, Prisma, Orca, SCC, etc.).
• Deep expertise in GCP security (IAM, VPC, KMS, GKE, Cloud Logging).
• Experience securing and governing SaaS platforms and identity integrations.
• Operational experience with infrastructure vulnerability management across cloud and container environments.
• Working knowledge of AWS and/or Azure security services and configurations.
• Experience with container and Kubernetes security across GKE, EKS, or AKS.
• Strong IaC security experience with Terraform, Pulumi, or similar tooling.
• Familiarity with compliance standards (SOC 2, ISO 27001, PCI DSS).

Preferred Qualifications:

• Experience supporting engineering teams in building secure-first, cloud-native or PaaS environments.
• Background securing AI/ML pipelines, model-serving infrastructure, or developer platform services.
• Experience in high-growth technology or cloud-native product companies.
• Experience with securing AI/agentic systems and sensitive data pipelines.
• Automation/scripting with Python.
• Relevant certifications (e.g., GCP Professional Cloud Security Engineer, AWS/Azure security certs).

What We Value:

• Problem-solving mindset — Ability to break down complex security and operational challenges into clear engineering solutions.
• Autonomy — Comfortable leading initiatives, collaborating effectively, and driving outcomes with minimal oversight.
• Communication excellence — Able to translate deep technical concepts for engineers, executives, and enterprise customers.
• Continuous learning — Passion for staying current with AI security, cloud-native advances, and emerging threats.
• Automation-first approach — Belief in reducing operational toil and building scalable, self-healing systems.

Full-Time Employee Benefits Include:

• Competitive Salary & Equity
• 401(k) Program with a 4% match
• Health, Dental, Vision and Life Insurance
• Short Term and Long Term Disability
• Paid Parental, Medical, Caregiver Leave
• Commuter Benefits
• Monthly Wellness Stipend
• Autonomous Work Environment
• In Office Set-Up Reimbursement
• Flexible Time Off (FTO) + Holidays
• Quarterly Team Gatherings
• In Office Amenities

XML job scraping automation by YubHub

What you'll do

Internal Audit

• Partner with management to shape and implement the annual Internal Audit Plan, with a strong focus on cyber and technology, ensuring alignment with the Enterprise Risk Profile, strategic objectives, and key business priorities.
• Lead cyber and technology audits delivered by co-sourced partners, ensuring high-quality outcomes, strong business engagement, and seamless collaboration on hybrid audits.

What you need

• 8+ years’ experience in internal audit, including 3+ years in a leadership role, ideally within a global, multi-regional organization.

XML job scraping automation by YubHub