Description:
BlackCloak’s mission is to protect corporate executives and high-profile individuals in their personal lives, mitigating risks to their families, companies, reputation, and finances.
As a Security Engineer, you will be part of BlackCloak’s internal technology team supporting corporate security, information technology operations, and compliance.
This role is both hands-on and strategic, influencing and driving success for BlackCloak and its clients by designing, deploying, and supporting technology solutions for all areas of the business.
You will champion the application security program strategy and implementation, including various controls towards a “shift-left” security model and the adoption of application security tools.
You will assist in the maturation of the Secure SDLC, including threat modeling, security architecture, and secure code development training.
You will work directly with developers to triage findings, provide remediation guidance, and foster a security-first culture.
You will provide manual testing support for light red teaming, leading penetration tests, and validating security findings.
You will partner with Engineering and DevOps to secure GCP and AWS environments and leverage Cloud Security tools to remediate discovered misconfigurations and vulnerabilities.
You will develop and implement secure infrastructure baselines, vulnerability management processes, and hardening standards within the cloud environment.
You will help expand monitoring capabilities within tools such as SIEM and CNAPP, including the implementation of required cloud architecture/logging.
You will strengthen Zero Trust posture by expanding the usage of Cloudflare WARP and WAF.
You will collaborate with the IT team to enhance endpoint security policies and support the design and implementation of IAM best practices.
You will review, design, and implement new Security Tools and support administration across various security tools.
You will assist in the development of new threat detections, playbooks, and automated response/remediation.
You will support triage and response of security alerts and participate in the security on-call rotation.
Requirements:
You must have 3-5 years of hands-on experience in a security engineering role, preferably within a cloud-native, startup environment.
You should have experience building or contributing to a Secure SDLC program and leveraging application security tools.
You must have demonstrated experience securing public cloud environments, with a strong preference for Google Cloud Platform (GCP).
You should have hands-on experience with modern security tooling, including SAST/SCA, CNAPP, EDR, and SIEM platforms.
You need a solid understanding of Zero Trust and IAM principles, with practical experience implementing solutions.
Proficiency in at least one scripting language (e.g., Python, Bash) to automate security tasks and processes is required.
You should possess excellent problem-solving skills and the ability to work collaboratively with both technical and non-technical teams.
A proactive, "builder" mindset with a passion for improving processes and reducing risk is essential.
Familiarity with Infrastructure as Code (IaC) and its security implications is preferred.
Knowledge of compliance frameworks such as SOC 2, GDPR, and NIST CSF is beneficial.
Familiarity with common application development languages such as Java or JavaScript is a plus.
Understanding of system and architecture design principles, from code to cloud, is advantageous.
Relevant industry certifications (e.g., GCLD, GCP Cloud Security Engineer, GCSA) are preferred.
Benefits:
BlackCloak offers a competitive salary ranging from $100,000 to $140,000 a year, with final offer amounts determined by multiple factors.
The company is 100% remote within the USA.
Comprehensive Medical, Dental, and Vision plans are available, with a 100% employer-paid monthly premium option for employees and 50% for dependents.
A Health Savings Account with company contribution is provided for eligible medical plans.
Employees enjoy a flexible vacation plan and 10 paid company holidays.
The company offers 100% employer-paid Life, AD&D, and Short- and Long-Term Disability Insurance.
A 401k plan with Traditional and Roth options, including employer match, is available.
Employees receive company equity and paid parental and pregnancy recovery leave.
BlackCloak organizes company and team off-sites and virtual events throughout the year.
A home office stipend is provided to support remote work.