Facebook pixel

Cloud Security Engineer
Posted on 12/2/2022
United States
Experience Level
Desired Skills
  • 5+ years of security engineering, platform engineering, or DevSecOps experience and an engineering mindset for building reliable and maintainable security infrastructure to support a large organization with CI/CD software engineering practices
  • Experience with most of the following: AWS security tools (GuardDuty, AWS Config, Cloudtrail), Terraform, Kubernetes, Containers, Open Policy Agent, Hashicorp Vault, SIEM
  • Excellent knowledge of the CVSS, MITRE ATTA&CK, and OWASP Top 10
  • Excellent practical understanding of AWS and its core services (VPC, EC2, RDS)
  • In-depth knowledge of security threats, applied cryptography, and risk assessments
  • Understanding of regulatory compliance concerns (GLBA, CCPA, PCI)
  • Proficiency in at least one of the following languages: Rust, Go, TypeScript, Ruby, or Python
  • Proficiency in modern security evaluation tooling (Burp, Wireshark, Kali et al.)
  • CCSK or CCSP (preferred)
  • The Triple H Factor: Hungry, Humble, Honest
  • An act-like-an-owner mentality. We have a bias toward taking action
  • Competitive cash
  • Benefits effective on day one
  • Early access to a high potential, high growth fintech
  • Generous stock option packages in an early-stage startup
  • Remote friendly (anywhere in the US) and office friendly - you pick the schedule
  • Flexible time off programs - vacation, sick, paid parental leave, and paid caregiver leave
  • 401(k) plan with match
  • Ensuring Secure SDLC practices are enforced via Infrastructure-As-Code (IaC) policies and developing other security tooling to ensure cloud security best practices
  • Analyzing, designing, and improving security controls for SaaS applications, cloud environments, and application platforms to mature the systems security posture
  • Assisting product teams with identifying misuse cases for features
  • Providing expertise around platform and cloud service security concerns during product development
  • Evaluating signals and threat intelligence to identify patterns, threats, and vulnerabilities across a wide range of SaaS and self-hosted systems
  • Implementing runtime security measures for container environments
  • Ensuring relevant audit and security logs are collected to a central location and exposed to the correct teams for triage, analysis, and incident response
  • Partnering with Engineering teams to develop remediations for vulnerabilities
  • Working with security and engineering teams to maintain a security architecture that provides security controls throughout all platforms to mitigate risk and meet business goals and regulatory requirements
  • Building a cloud security detection and response program leveraging automation
  • Training engineers and architects on secure platform design and operational practices
  • Actively participating in all facets of the incident response lifecycle
  • Building ONE's purple team practices
ONE Finance

201-500 employees

Financial optimization & savings platform
Company Overview
One's mission is to help millions of people save and grow their money. The company offers a free digital spending and saving account that organizes your money into different categories for saving, spending and sharing.