Senior Cloud Security Engineer

📋 Description

• • As a Senior Cloud Security Engineer at ServiceTitan, you will be instrumental in architecting, implementing, and maintaining the security posture of our cutting-edge cloud environments and next-generation applications. This high-impact role offers the opportunity to design and deploy advanced automated security controls, fortify multi-cloud infrastructure, and champion secure development practices across the entire organization. If you possess a deep passion for cloud security, DevSecOps principles, and a proactive approach to staying ahead of emerging cyber threats, this position places you at the forefront of technological innovation.
• • You will be responsible for integrating robust security measures directly into CI/CD pipelines, including platforms like GitHub, GitLab, Jenkins, and Azure DevOps. This involves evaluating, implementing, and managing pipeline-based security Infrastructure as Code (IaC) scanning tools to accurately identify and surface true risks. A key aspect of this role is building and optimizing developer feedback loops and automated remediation workflows, ensuring that software is inherently secure by default. You will develop and maintain automated scripts using Python, Bash, or PowerShell to streamline and enhance security processes, making them more efficient and effective.
• • In the realm of Identity and Access Management (IAM), you will construct and manage comprehensive IAM security controls across various cloud platforms. This includes rigorously assessing policies to enforce the principle of least privilege, ensuring that access is granted only to those who absolutely need it. You will also standardize the management, security controls, and lifecycle expectations for non-human identities, such as service accounts and API keys. Furthermore, you will govern the secure utilization of cloud identities, Application Programming Interfaces (APIs), and secrets management solutions, safeguarding critical credentials and access points.
• • Your responsibilities will extend to infrastructure security and hardening. You will develop and implement secure infrastructure baselines, establish effective vulnerability management processes, and define hardening standards across AWS, Azure, or GCP environments. A significant part of this will involve validating security configurations and leveraging IaC tools like Terraform, CloudFormation, or Bicep to ensure that infrastructure provisioning is repeatable, auditable, and inherently secure. You will also address high-impact infrastructure projects, including multi-cloud network isolation, the secure implementation of multi-tenant architectures, and the continuous remediation of identified misconfigurations.
• • For workload security, you will guide engineering teams on designing secure architectures for cloud-native applications, microservices, serverless functions, and Platform as a Service (PaaS) workloads. You will advance container and Kubernetes security by implementing runtime controls, ensuring supply-chain security, and conducting thorough configuration assessments. A forward-looking aspect of this role involves securing in-house and public AI/ML systems against cyber threats, adversarial attacks, and unauthorized access, ensuring that models and data pipelines are protected throughout their entire lifecycle.
• • Data security and privacy are paramount. You will ensure that sensitive cloud and AI data is appropriately encrypted, anonymized, and securely stored. This includes assessing and implementing strong encryption configurations, checkpoint encryption, and tokenization techniques to protect data both at rest and in transit. You will also develop and enforce policies that align data security and privacy measures with industry regulations, ethical standards, and organizational governance requirements, maintaining a strong commitment to compliance.
• • In monitoring, detection, and response, you will partner closely with the Security Operations team to enhance cloud application telemetry, logging, and observability. You will help expand monitoring capabilities by onboarding new log sources and building sophisticated detection rules for cloud-based threats. You will actively monitor and analyze security events using SIEM, Cloud Security Posture Management (CSPM), and Cloud Workload Protection Platforms (CWPP). Additionally, you will support the triage, investigation, and forensic analysis of cloud-based application or pipeline security incidents, collaborating effectively to contain and mitigate threats.