Senior Security Engineer

Summary

Join JumpCloud's DevSecOps team as a Senior Security Engineer and contribute to building and maintaining secure infrastructure and software. You will lead the design and maintenance of security infrastructure, develop automation and reporting systems, collaborate with other teams, conduct threat model reviews, and mentor junior engineers. This remote role requires 5 hours of overlap with US Central Time and on-call availability. The ideal candidate possesses 5+ years of security engineering experience, strong software development skills, and experience with AWS or GCP. JumpCloud offers a collaborative environment and opportunities for professional growth.

Requirements

• 5 years of experience in the field of security engineering with an extensive background and experience in software development and architecture
• Production experience with AWS or GCP
• Comfortable writing Golang code
• Some familiarity in Terraform (HCL) and Kubernetes
• Experience with CI/CD tools, particularly GitHub Actions
• Strong written and oral communication skills, with the ability to convey complex security concepts
• You must overlap and work at least 5 hours within US Central Time business hours (e.g., 9:00 AM - 2:00 PM Central Time)
• You must be available for on-call (after hours) duties for any internal tools/services this new team might own
• You must be willing to support the Security Operations team during incidents in performing ad-hoc queries, forensics, etc
• You must be located in and authorized to work in the country noted in the job description to be considered for this role
• To be considered for a role at JumpCloud, you will be required to speak and write in English fluently

Responsibilities

• Lead the design and maintenance of infrastructure, including custom software and vendor integrations, to meet advanced security needs for Product and Infrastructure Security
• Develop and implement policy enforcement automation and comprehensive reporting systems
• Set up data ingestion, as needed, for the SIEM or other tooling
• Collaborate with DevOps and Developer Enablement teams outside of the US to embed security best practices and establish guardrails for developers
• Conduct and oversee threat model reviews of product features and architectures, providing strategic guidance
• Mentor and guide service/feature teams in secure software design principles

Preferred Qualifications

• Red teaming/internal pentesting
• Product Security (ProdSec)
• Including threat modeling and secure architecture design/review
• Authentication protocols (SAML, OAuth, LDAP, etc.)
• Mobile application security (iOS and Android)
• Open Policy Agent (OPA)
• Open source security tools
• Data pipeline tooling
• Certificate infrastructure
• Distributed systems
• Working on core OS (Windows, Mac, Linux) APIs

Benefits

Remote work