Member of Technical Staff, Security/DevSecOps at Envoy

San Francisco, California, United States

Compensation: Not Specified
Experience Level: Senior (5 to 8 years)
Job Type: Full Time
Visa: Unknown
Industries: Technology

Requirements

  • Successful candidates often come from senior engineering roles and are experienced in leading complex projects, mentoring peers, and making architectural contributions across teams (L3 opportunity)
  • Autonomous and highly organized, thriving in a fast-moving environment
  • Passionate about enabling secure cloud engineering without blocking developer velocity
  • Intellectually curious, always experimenting with new concepts/tools

Responsibilities

  • Design, implement, and continuously improve security controls in AWS, including IAM policies, VPC network segmentation, Security Groups, and secure service configuration (e.g., S3, RDS, Lambda)
  • Own WAF management (Cloudflare WAF) — authoring rules, tuning managed rulesets, and monitoring attacks
  • Integrate automated security guardrails into CI/CD pipelines (GitHub Actions) for IaC, container images, and serverless deployments
  • Implement and enforce Infrastructure-as-Code (IaC) security scanning using tools such as tfsec, Trivy, Checkov, or Terrascan, with gating for critical findings
  • Lead container and orchestration security for Docker and Kubernetes/EKS, including image scanning, admission controls, runtime monitoring (Falco), and benchmark enforcement (kube-bench)
  • Establish and operate secrets-management best practices using tools like HashiCorp Vault, AWS Secrets Manager, or SOPS, ensuring least-privilege access
  • Deploy, tune, and maintain AWS security services — GuardDuty, Security Hub, Config, CloudTrail, IAM Access Analyzer — for continuous detection and compliance
  • Conduct cloud threat modeling and risk assessments (STRIDE, AWS Well-Architected Framework) to identify gaps and prioritize mitigations
  • Automate security compliance reporting against frameworks such as CIS Benchmarks and NIST 800-53 using IaC and policy-as-code (e.g., Open Policy Agent)
  • Collaborate with infrastructure and product engineering teams to embed security early and unblock delivery velocity

Skills

Key technologies and capabilities for this role

AWS, DevSecOps, CI/CD, Cloud Security, Infrastructure Security

Questions & Answers

Common questions about this position

Is this position remote or onsite?

This is an onsite position requiring 4 days a week (Monday-Thursday) in the San Francisco HQ office.

What is the salary for this role?

This information is not specified in the job description.

What skills and experience are required for this position?

The role requires experience in AWS security controls (IAM, VPC, Security Groups), WAF management with Cloudflare, integrating security into CI/CD pipelines using GitHub Actions, IaC security scanning with tools like tfsec or Trivy, and container/Kubernetes security for Docker and EKS. Successful candidates come from senior engineering roles with experience leading complex projects, mentoring peers, and making architectural contributions.

What is the company culture like at Envoy?

Envoy fosters innovation through hack projects, challenges the status quo, and aims to build the Office OS, while creating intuitive technology that employees enjoy using to foster community and togetherness.

What makes a strong candidate for this role?

Strong candidates are from senior engineering roles, experienced in leading complex projects, mentoring peers, making architectural contributions across teams, and have expertise in cloud security, DevSecOps, AWS, CI/CD, IaC, and container security. This is an L3 opportunity suited for exceptional engineers ready to join a rapidly scaling team.

Envoy

Workplace technology for visitor and space management

About Envoy

Envoy provides a platform that improves safety, flexibility, and guest experiences in office settings. Its main services include visitor management, which simplifies the check-in process for guests, and workplace management, which helps organizations use their space more effectively while adhering to safety standards. The platform allows for visitor pre-registration, health questionnaires, desk booking, and offers real-time analytics to enhance the workplace experience. Envoy operates on a subscription model with tiered pricing to meet the needs of various clients, including corporate offices and co-working spaces. What sets Envoy apart from competitors is its focus on user-friendly design and comprehensive functionality, addressing the increasing demand for secure and adaptable workplace solutions. The company's goal is to create a seamless and secure environment for businesses, especially in light of changing work patterns and heightened health concerns.

Headquarters: San Francisco, California
Year Founded: 2013
Total Funding: $194.7M
Company Stage: Series C
Industries: Enterprise Software, Healthcare
Employees: 201-500

Benefits

Health Insurance
Dental Insurance
Vision Insurance
401(k) Company Match
Paid Vacation
Paid Sick Leave
Paid Holidays

Risks

Increased competition from startups offering similar solutions at lower costs threatens market share.
Data privacy concerns may arise from managing sensitive visitor and employee information.
Economic downturns could reduce corporate investment in workplace technology, affecting revenue.

Differentiation

Envoy offers a comprehensive platform integrating people, spaces, and data for workplace management.
The company provides unique features like data-enriched workplace maps and dynamic space recommendations.
Envoy's focus on security solutions includes visitor recognition and self-serve mobile sign-in.

Upsides

Envoy's new features enhance space utilization and employee experience for return-to-office success.
The appointment of experienced leaders like George Mogannam and Cormac Twomey boosts growth potential.
High workspace utilization correlates with 38% higher employee retention and 24% revenue growth.
