Security Engineer, Cloud Security
Red Cell PartnersSalary not specified
Full Time
Senior (5 to 8 years), Expert & Leadership (9+ years)
$205,000 – $225,000Compensation
Senior (5 to 8 years)Experience Level
Full TimeJob Type
UnknownVisa
Technology, SecurityIndustries
Requirements
- Hands-on expertise securing AWS workloads, multi-account architectures, and VPC design
- 5+ Years of Experience
- Deep knowledge of IAM policy design, role-based access control, and least-privilege enforcement
- Experience hardening container images and Kubernetes/EKS clusters, plus familiarity with container runtime security
- Strong scripting skills in Python, Go, or similar for automation and tooling integration
- Experience performing security risk assessments and threat modeling for new services
- Familiarity with AWS security tooling (GuardDuty, Config, Security Hub, Macie, Access Analyzer)
- Excellent written and verbal communication skills and the ability to educate engineers on secure practices
- A desire to learn Terraform and implement IaC security scans in CI/CD
- Autonomous and highly organized, thriving in a fast-moving environment
- Passionate about enabling secure cloud engineering without blocking developer velocity
- Intellectually curious, always experimenting with new cloud security tooling and best practices
- A clear, concise communicator who can translate complex security topics for diverse stakeholders
Responsibilities
- Design and enhance AWS security controls (IAM, VPC, Security Groups, S3, RDS, Lambda) while deploying and managing native services (GuardDuty, Security Hub, Config, CloudTrail, IAM Access Analyzer) for ongoing detection and compliance
- Integrate automated security guardrails into CI/CD pipelines (GitHub Actions) for IaC, container images, and serverless deployments
- Leverage and pioneer AI tools (ChatGPT, Claude, GitHub Copilot, etc.) to automate routine security tasks, generate infrastructure code, analyze threat patterns, streamline compliance reporting, accelerate vulnerability assessments, and optimize overall security automation and productivity
- Conduct threat modeling and risk assessments (STRIDE or other models) to identify gaps and prioritize mitigations
- Automate security compliance reporting against frameworks such as CIS Benchmarks and NIST 800-53 using IaC and policy-as-code (e.g., Open Policy Agent)
- Collaborate with infrastructure and product engineering teams to embed security early and unblock delivery velocity
Skills
Key technologies and capabilities for this role
Questions & Answers
Common questions about this position
What is the salary range for this position?
The salary range is $205K - $225K.
Is this role remote or onsite, and what are the office requirements?
This is an onsite position requiring 4 days a week (Monday-Thursday) in the San Francisco HQ office.
What skills and experience are required for this role?
Candidates need 5+ years of experience with hands-on expertise securing AWS workloads, multi-account architectures, VPC design, deep knowledge of IAM policy design, role-based access control, least-privilege enforcement, and experience hardening containers. They should also be experienced in leading complex projects, mentoring peers, and making architectural contributions.
What is the company culture like at Envoy?
Envoy's engineering organization is scaling rapidly, loves driving innovation through hack projects, challenges the status quo, and fosters a fast-moving environment where engineers thrive autonomously while collaborating across teams.
What makes a strong candidate for this role?
Strong candidates are autonomous, highly organized, passionate about secure cloud engineering without blocking velocity, intellectually curious about new tooling, clear communicators, and come from senior roles with experience leading projects, mentoring, and architectural contributions.
Envoy
Workplace technology for visitor and space management
About Envoy
Envoy provides a platform that improves safety, flexibility, and guest experiences in office settings. Its main services include visitor management, which simplifies the check-in process for guests, and workplace management, which helps organizations use their space more effectively while adhering to safety standards. The platform allows for visitor pre-registration, health questionnaires, desk booking, and offers real-time analytics to enhance the workplace experience. Envoy operates on a subscription model with tiered pricing to meet the needs of various clients, including corporate offices and co-working spaces. What sets Envoy apart from competitors is its focus on user-friendly design and comprehensive functionality, addressing the increasing demand for secure and adaptable workplace solutions. The company's goal is to create a seamless and secure environment for businesses, especially in light of changing work patterns and heightened health concerns.
San Francisco, CaliforniaHeadquarters
2013Year Founded
$194.7MTotal Funding
SERIES_CCompany Stage
Enterprise Software, HealthcareIndustries
201-500Employees
Benefits
Health Insurance
Dental Insurance
Vision Insurance
401(k) Company Match
Paid Vacation
Paid Sick Leave
Paid Holidays
Risks
Increased competition from startups offering similar solutions at lower costs threatens market share.
Data privacy concerns may arise from managing sensitive visitor and employee information.
Economic downturns could reduce corporate investment in workplace technology, affecting revenue.
Differentiation
Envoy offers a comprehensive platform integrating people, spaces, and data for workplace management.
The company provides unique features like data-enriched workplace maps and dynamic space recommendations.
Envoy's focus on security solutions includes visitor recognition and self-serve mobile sign-in.
Upsides
Envoy's new features enhance space utilization and employee experience for return-to-office success.
The appointment of experienced leaders like George Mogannam and Cormac Twomey boosts growth potential.
High workspace utilization correlates with 38% higher employee retention and 24% revenue growth.
Related Jobs
RemoteRemotePrincipal DevSecOps Engineer
Second Front SystemsSalary not specified
- Full Time
- Senior (5 to 8 years)
RemoteSecurity Architect
EarnestSalary not specified
- Full Time
- Expert & Leadership (9+ years)
RemoteStaff Cloud Security Engineer
Assured$190,000 - $220,000/year
- Full Time
- Senior (5 to 8 years)
RemoteDetection & Response Engineer III - NG-SIEM (Remote)
CrowdstrikeSalary not specified
- Full Time
- Senior (5 to 8 years)
RemoteCompliance Engineer
Flock Safety$176,000 - $220,000/year
- Full Time
- Senior (5 to 8 years)
RemoteSenior Cloud Architect - Remote US
Altera Digital HealthSalary not specified
- Full Time
- Senior (5 to 8 years), Expert & Leadership (9+ years)