Cloud Security Engineer

Summary

Join ButterflyMX as a Cloud Security Engineer and play a vital role in protecting our clients', tenants', and employees' information assets. You will design, implement, and maintain robust security controls and processes across our technology stack. Lead cloud security engineering efforts, improve our security posture, and extend our detection and response capabilities. Drive security incident response, ensure compliance with industry standards, and evaluate new security technologies. This role requires 5+ years of experience in security engineering and expertise in cloud security, data security, and incident management. You will be a leader wearing multiple "security hats" and working in a fast-paced, agile environment.

Requirements

• 5+ years of security engineering experience building, managing & scaling security operations at a fast-paced, agile/dynamic, cloud native, technology-driven startup
• You enjoy working as a security engineer in organizations that develop software as a service &/or operate managed infrastructure & technology services for their own customers
• Experience securing a tech stack/solution that includes SaaS, Mobile, & IoT
• Experience working with cross-functional teams to identify & mitigate security, compliance & data privacy risks
• Proficiency with deploying, operationalizing & managing security solutions in a remote first organization, with a cloud tech stack built for providing SaaS
• AWS Security SME - experiential knowledge of securing EC2, S3, Lambda, EKS
• AWS Security Stack Experience - WAF, Inspector, Security Hub, GuardDuty, etc
• Security Overlay Solutions: EDR, SIEM, CNAPP/CSPM, DSPM, DLP, IDS/IPS
• Google Workspace, Apple, Windows, MDM, Secure Email Gateway
• Extensive experience & expertise across multiple security domains including cloud security, data security, network security, application security, incident management, threat/vulnerability/patch/configuration management, identity & access management
• Strong understanding of security best practices, frameworks, standards, & compliance requirements, & particularly how these apply to a startup environment through enterprise environments. Experience maturing security controls as an organization matures
• Experience maintaining SOC 2 Type II compliance & associated security controls within an organization
• Demonstrated technical expertise in implementing data privacy controls & safeguards to include facilitating the deployment of technical measures to ensure compliance with data privacy regulations such as GDPR & CCPA
• Experience automating security controls. Proven technical proficiency using Terraform & other infrastructure as code tools, with a strong track record of managing vulnerabilities in ephemeral cloud infrastructure environments
• Incident response management: Experience in developing & implementing incident response plans, conducting investigations, & managing security incidents effectively
• Demonstrated ability to educate an engineering audience about technical application security vulnerabilities, i.e., OWASP Top Ten, OWASP API Security Top 10
• Adept in a data-driven approach for decision-making & a risk-based mindset to prioritize & address security concerns effectively
• Customer focused & Solution oriented, Enthusiastic, Empathetic, Adaptable/Flexible, Bias for Action, Forward thinking, Optimistic, Trusted Advisor
• Everyone is a customer & everyone is on the security team
• A strong inclination to dive into the details, actively engaging in hands-on work
• Continuous improvement mindset. Pursues ongoing professional development, stays updated with emerging threats & technologies
• You must have the authorization to work in the US to become an employee

Responsibilities

• Design, implement, mature & maintain our robust security controls & processes across our technology stack to protect sensitive data & systems
• Lead cloud security engineering & associated vulnerability remediation efforts to improve the security posture & resiliency of ButterflyMX – prioritizing issues, implementing mitigations, & designing strategic preventative controls
• Extend our detection & response capabilities – building scalable solutions to identify malicious activity, triage alerts, & investigate & remediate incidents
• Drive security incident response efforts, including containment, investigation, recovery, post-incident analysis, lessons learned & ensuring remediation
• Ensure security controls are implemented to enable compliance with industry standards, regulations, frameworks,& best practices (e.g., SOC2, ISO, NIST, CIS, GDPR, CCPA)
• Evaluation, analysis & implementation of new security technologies & solutions to enhance the organization’s security posture
• Stay up-to-date with the latest security threats, technologies, & trends to proactively protect our systems
• Develop & conduct regular security awareness training & security education programs for employees
• Serve as a point of contact for customers & partners regarding security-related inquiries
• Foster a culture of security awareness & accountability throughout the organization

Preferred Qualifications

Industry certifications such as AWS Security Certified, CISSP, CCSP, CSSLP, GXPEN, OSCP, SANS Certifications, Burp Suite Certified, Security+, CEH, CIPP, CIPT

Benefits

• Comprehensive Medical (ButterflyMX covers 90% of the cost), Dental, and Vision plans (ButterflyMX covers 100% of the cost) starting day 1
• 401(k) plan with a match
• 13 paid holidays, 25 PTO days
• Paid Family Leave
• Employee Assistance Program
• Quarterly self-care stipends
• Access to optional benefits including pre-tax flexible healthcare spending accounts (FSA and HSA), Dependent Care FSA, and Commuter Benefits, as well as optional Supplemental Life, AD&D, Hospital Indemnity, Disability, Legal, Accident, Critical Illness, Pet, and Personal Liability Insurance