Security Engineering Manager (Cloud & AppSec)

Security Engineering Manager (Cloud & AppSec)

Lead and grow the Security Engineering team while embedding security into the software development lifecycle.

Responsibilities

• Manage Security Engineering: lead the team, set priorities and operating rhythms, balance strategic security investments with day-to-day engineering support and incident response.
• Cloud security controls: design and implement security controls across cloud environments; continuously monitor and improve cloud posture.
• Secure SDLC: partner with engineering teams to embed security into development processes and delivery.
• Security governance: develop and maintain security policies, standards, and procedures aligned to SOC 2, GDPR, ISO 27001, FedRAMP, NIST, CIS, and MITRE ATT&CK.
• Risk communication: develop metrics and reporting to communicate risk and security posture to leadership.
• Data protection: apply DLP concepts (data classification, identification, and protection).
• Application Security leadership: help lead or closely partner on threat modeling, vulnerability management, and security reviews.

Requirements

• Strong technical depth in cloud security and application security with cross-functional partnership across engineering, infrastructure, and compliance.
• Knowledge of compliance standards and security frameworks: SOC 2, GDPR, ISO 27001, FedRAMP, NIST, CIS, MITRE ATT&CK.
• Deep understanding of AWS security architecture, IAM, cloud posture management, data security, and secure SDLC.
• Experience building security metrics/reporting for leadership.
• Familiarity with DLP.
• Strong written and verbal communication to explain security risks/tradeoffs to technical and non-technical stakeholders.
• 5+ years securing cloud-native systems and modern software delivery pipelines.
• 5+ years in cybersecurity; 5+ years securing AWS environments.
• Prior leadership experience (leading security engineers or acting as a technical lead in security).
• Bachelor’s degree in CS/Cybersecurity/Information Systems (or equivalent practical experience).

Nice to have / Preferred Tech

• AWS Certified Security – Specialty.
• CISSP or other relevant security certifications.
• Experience scaling security programs across engineering organizations.
• Broad security domain knowledge with specialization in areas such as incident management, detection engineering, response tooling, or logs/events processing.

Required / Mentioned Tools & Technologies

• AWS security services, IAM, cloud security monitoring and posture tools
• Terraform, GitLab, modern CI/CD security practices
• Mentioned platforms/tools: Crossplane, ArgoCD