Come work at a place where innovation and teamwork come together to support the most exciting missions in the world!
About the Role
We're seeking a Lead Cloud Security Engineer to join our Product Security team’s Cloud Infrastructure Security wing, where you'll play a critical role in building and maintaining security infrastructure that prevents issues before they become incidents. Working closely with our leads across Qualys, you'll design and implement security controls, automation, and policies that protect our cloud-native products at scale.
What You'll Do
Cloud Security Engineering
Design, implement, and maintain security controls for Kubernetes environments across multiple clusters
Develop and optimize Infrastructure as Code (IaC) security patterns using tools like Terraform and CloudFormation
Build and enforce Policy as Code frameworks to ensure consistent security posture across cloud platforms
Create and maintain security policies for Platform-as-a-Service (PaaS) offerings
Conduct security reviews of cloud architecture as well as services, recommend hardening measures, and drive adoption through IaC and PaC.
Cloud Security Posture Management (CSPM)
Write/ create appropriate security policies
Review the CSPM findings and work with appropriate stakeholders to get the findings remediated.
Quarterly posture assessment presentation with the stakeholders
Process Automation
Develop automation solutions to streamline security workflows and eliminate manual security tasks
Build security tooling and integrations that enable product teams to shift security left
Create automated compliance checks and remediation workflows
Implement security testing automation within CI/CD pipelines
Design self-service security capabilities that empower engineering teams
Security Analysis
Perform in-depth security assessments of applications, infrastructure, and cloud environments
Analyze security telemetry and metrics to identify trends and potential vulnerabilities
Investigate security findings and provide detailed remediation guidance
Conduct threat modeling for new features and architecture changes
Evaluate emerging security technologies and recommend adoption strategies
What You Bring
Required:
7+ years of experience in security engineering, with significant focus on cloud security
Experience in managing/ writing policies in any of the industry leading CSPM platform
Proficiency in Policy as Code frameworks (OPA/Rego, Sentinel, or similar)
Deep understanding of the cloud services and workloads security.
Hands-on experience with major cloud platforms (AWS, Azure, or GCP)
Strong experience with Infrastructure as Code tools like HELM and security best practices
Deep expertise in Kubernetes security (RBAC, network policies, pod security, admission controllers)
Programming/scripting skills in Python, Go, or similar languages for automation
Strong understanding of container security and orchestration
Experience with security automation and DevSecOps practices
Excellent problem-solving skills and ability to work independently
Preferred:
Experience with Qualys’s Total Cloud platform
Experience with REGO, Python
Experience with Terraform
Experience with security scanning tools (SAST, DAST, SCA, container scanning)
Knowledge of compliance frameworks (SOC 2, ISO 27001, PCI DSS)
Contributions to open-source security projects
Relevant security certifications (CCSP, CCSK, CKS, or equivalent)
Experience in product security or application security role
Why Join Us
You'll be part of a team that operates at the intersection of security, engineering, and product development. We believe in preventing problems before they occur through smart automation, robust architecture, and proactive security practices. You'll have the opportunity to work with cutting-edge cloud technologies while making a tangible impact on product security at Qualys.
