Remote Cloud Security Engineer

Description:

• ButterflyMX is seeking a Cloud Security Engineer to enhance the security of clients', tenants', and employees' information assets.
• The role involves maturing, building, scaling, and operationalizing the information security program.
• Responsibilities include designing, implementing, and maintaining security controls across the technology stack to protect sensitive data and systems.
• The engineer will lead cloud security engineering and vulnerability remediation efforts to improve security posture and resiliency.
• The position requires extending detection and response capabilities to identify malicious activity and manage incidents.
• The engineer will drive security incident response efforts, ensuring containment, investigation, recovery, and post-incident analysis.
• Compliance with industry standards and regulations such as SOC2, ISO, NIST, CIS, GDPR, and CCPA is essential.
• The role includes evaluating and implementing new security technologies to enhance the organization's security posture.
• Staying updated with the latest security threats and trends is crucial for proactive protection.
• The engineer will develop and conduct regular security awareness training for employees and serve as a point of contact for security-related inquiries.
• Fostering a culture of security awareness and accountability throughout the organization is a key responsibility.

Requirements:

• Candidates must have 5+ years of security engineering experience in a fast-paced, cloud-native startup environment.
• Experience in organizations that develop software as a service or operate managed infrastructure is required.
• The role requires flexibility and the ability to wear multiple hats, including Security Engineer, SOC Analyst, GRC Analyst, and Privacy Analyst.
• Experience securing a tech stack that includes SaaS, Mobile, and IoT is necessary.
• Proficiency in deploying and managing security solutions in a remote-first organization with a cloud tech stack is essential.
• Candidates should have expertise in AWS security, including securing EC2, S3, Lambda, and EKS.
• Familiarity with AWS Security Stack tools such as WAF, Inspector, Security Hub, and GuardDuty is required.
• Knowledge of security overlay solutions like EDR, SIEM, and DLP is important.
• Extensive experience across multiple security domains, including cloud security, data security, and incident management, is needed.
• A strong understanding of security best practices and compliance requirements, particularly in a startup environment, is essential.
• Experience maintaining SOC 2 Type II compliance and implementing data privacy controls is required.
• Candidates should have experience automating security controls and managing vulnerabilities in cloud environments.
• Incident response management experience, including developing incident response plans, is necessary.
• The ability to educate engineering teams about application security vulnerabilities is important.
• A customer-focused, solution-oriented mindset with a continuous improvement approach is required.
• Industry certifications such as AWS Security Certified, CISSP, and Security+ are preferred.

Benefits:

• ButterflyMX offers comprehensive medical coverage, with 90% of costs covered, and 100% coverage for dental and vision plans starting from day one.
• A 401(k) plan with a matching contribution is available.
• Employees receive 13 paid holidays and 25 PTO days annually.
• Paid Family Leave and an Employee Assistance Program are provided.
• Quarterly self-care stipends are included as part of the benefits package.
• Access to optional benefits such as flexible healthcare spending accounts, dependent care FSA, and various insurance options is available.
• Additional benefits include a commitment to diversity and inclusion, with reasonable accommodations offered during the application process.