Staff Cloud Security Engineer

Role overview

You’ll be a Staff Cloud Security Engineer responsible for securing the Temporal cloud environment. You’ll partner with product and engineering teams to embed security into cloud infrastructure design and architecture, and lead ongoing threat modeling, risk assessment, and security posture management across multi-cloud systems.

Key missions

• Integrate security principles into cloud infrastructure design and architecture with product and engineering teams.
• Perform threat modeling and risk assessments to identify vulnerabilities and potential attack vectors in a multi-cloud, multi-tenant environment.
• Manage cloud security posture using Wiz, including:
  • detection of misconfigurations
  • compliance monitoring
  • remediation and follow-through
• Stay current on emerging cloud security standards and practices.

Responsibilities

• Own security assessments that translate into architectural and infrastructure improvements.
• Drive secure patterns for secrets management, encryption, and data protection.
• Improve Kubernetes security posture through auditing and hardening.
• Promote strong security concepts to both technical and non-technical stakeholders.
• Collaborate closely with engineering to apply security expertise to security posture and infrastructure access.

Requirements

• 5+ years in cloud security or a related role.
• Experience with secrets management at scale, e.g. HashiCorp Vault or AWS Secrets Manager.
• Familiarity with payload encryption patterns (e.g., codec servers) for protecting sensitive workflow data.
• Deep understanding of application architecture and design principles, with the ability to identify vulnerabilities across multiple programming languages.
• Kubernetes security posture management and auditing, including:
  • workload hardening
  • RBAC design
  • admission control
• Go proficiency (Temporal’s primary server/SDK language); familiarity with Python.
• Experience with multi-tenant security architecture, including data plane isolation, control plane hardening, and prevention of cross-tenant data leakage.
• Strong knowledge of gRPC security, mTLS, and service mesh architectures (e.g., Istio, Envoy).
• Excellent communication and ability to explain complex security concepts to non-technical stakeholders.
• Bachelor’s degree in CS/Cybersecurity (or equivalent experience).

Nice to have

• Strong opinions and experience around the use of AI in assessments, threat models, and penetration testing.
• Security conference talks or published research.
• Expertise in AppSec, CorpSec, or GRC.
• Open source automation or automation projects.
• Experience with FedRAMP, SOC 2 Type II, or ISO 27001 in the context of cloud-native SaaS.
• Prior experience with Temporal/Cadence or similar workflow orchestration platforms, including workflow history, replay semantics, and scheduling internals.