Senior Cloud Security Engineer

📋 Description

• • Own the end-to-end security architecture for Checkr’s multi-cloud, multi-region infrastructure that processes millions of background checks every month for marquee customers like DoorDash, Lyft, and Coinbase. You will design, build, and continuously improve the controls that protect highly sensitive PII, driving the company’s reputation as the most trusted screening platform in the gig and enterprise economy.
• • Lead threat-modeling sessions with engineering squads, translating complex compliance requirements (SOC 2, ISO 27001, FedRAMP, PCI-DSS) into concrete, automatable security patterns. Your blueprints will become the golden templates used by 200+ developers, reducing time-to-production for new services while raising the security bar.
• • Build and tune cloud-native detection and response capabilities using AWS GuardDuty, GCP Security Command Center, and custom Python/Go Lambdas. You will reduce mean-time-to-detect (MTTD) from hours to minutes and mean-time-to-respond (MTTR) from days to hours, directly lowering customer risk exposure.
• • Drive zero-trust initiatives: roll out BeyondCorp-style access controls, enforce workload identity with SPIFFE/SPIRE, and replace static VPNs with dynamic, policy-driven network segmentation. Your work will eliminate lateral-movement paths and satisfy stringent enterprise procurement questionnaires.
• • Automate security guardrails via Infrastructure-as-Code (Terraform, CloudFormation, Pulumi) and policy-as-code (OPA, Sentinel). Every pull request will be evaluated against CIS benchmarks and custom Checkr policies, preventing misconfigurations before they reach production.
• • Establish secure CI/CD pipelines that integrate SAST, DAST, container scanning, and secrets detection into GitHub Actions. You will cut vulnerability backlogs by 40 % and give developers real-time feedback instead of end-of-sprint surprises.
• • Partner with Legal, Compliance, and Privacy teams to embed privacy-by-design into new product features. You will conduct DPIAs, map data flows, and implement encryption-at-rest and in-transit strategies that exceed GDPR and CCPA expectations.
• • Mentor junior security engineers and run internal “purple-team” exercises, cultivating a culture where security is everyone’s responsibility. Your lunch-and-learns will demystify cloud security for product managers and designers, turning skeptics into champions.
• • Own incident-response tabletop drills and post-mortems for high-severity events. You will refine runbooks, drive blameless retrospectives, and present executive-level summaries that influence quarterly OKRs and budget allocations.
• • Continuously evaluate emerging technologies—Confidential Computing, eBPF runtime security, AI-driven anomaly detection—and craft 6- and 18-month roadmaps that keep Checkr ahead of adversaries and auditors alike.