Senior Cyber Security Engineer

About the Role

Abnormal AI is looking for a Senior Cyber Security Engineer to help build the next generation of security capabilities at scale. This is a senior IC-level role that blends deep technical security expertise with strong engineering fundamentals. You’ll focus on building integrations between infrastructure and security tooling, automating security workflows, and partnering with cloud and platform engineering teams to harden our cloud environment.

As a technical lead, you will own the architecture and development of systems that enhance both preventative guardrails and detective capabilities while ensuring security is a partner to our stakeholders. You’ll mentor junior engineers, act as a technical liaison across teams, and contribute directly to keeping our platforms and customers secure.

This is a role for engineers who are intellectually curious and motivated to bridge the gap between security principles and engineering execution.

Who you are

• An intellectually curious, solution-focused engineer with a security mindset who thrives in fast-paced environments
• A technical leader who can architect scalable security solutions while maintaining engineering velocity
• Someone who thinks like an attacker but builds like a defender - understanding both offensive and defensive security principles
• A collaborative engineer who can translate security requirements into actionable engineering tasks
• A mentor who enjoys teaching security best practices and automation techniques to junior engineers

What you will do 

• Lead threat modeling and security design discussions with platform teams by translating risks into engineering actions.
• Collaborate with Platform, Infra, and DevOps teams to build scalable preventative controls via Infrastructure-as-Code (primarily Terraform, with CloudFormation experience welcome).
• Evaluate and uplift security tooling across commercial and cloud-native capabilities by focusing on scale, efficiency, and precision.
• Mentor and support junior engineers on automation best practices, secure architecture, and tooling integrations.
• Design and deploy automation workflows to correlate signals, enrich alerts, and auto-remediate known failure patterns.
• Architect, build, and maintain integrations between cloud-native infrastructure and security tooling (e.g., SIEM, SOAR, IAM tooling).
• Serve as a hands-on technical contributor during security incidents by tracing system-level behavior and enhancing response processes.
• Stay current with emerging AI platforms, evaluating them for business applicability and integration.

Must Haves 

• Proven delivery in security engineering or infrastructure security roles, ideally in cloud-native environments.
• Hands-on experience with AWS Native tooling (IAM, KMS, Config, Lambda, EKS) and working knowledge of Azure and GCP.
• Strong scripting and dev skills in Python and/or Go; proficiency with Git, Linux, and infrastructure automation patterns.
• Expertise in integrating or building tooling for SIEM, SOAR, vulnerability management, and CSPM platforms.
• Experience deploying security controls via Infrastructure-as-Code (Terraform or CloudFormation).
• Comfortable investigating logs, tracing events, and contributing to incident analysis workflows.
• Proven ability to influence and collaborate cross-functionally with engineering, infra, and IT.
• Strong written communication and documentation skills and being able to convey complex designs clearly.
• Background with using and securing container orchestration (Kubernetes), including workload security and service mesh controls.

Nice to Have 

• Experience working in fast-paced or startup environments with sometimes ambiguous ownership lines.
• Familiarity with JavaScript or TypeScript, particularly in the context of DevOps tooling or plugins.
• Hands-on experience with commercial Cloud Security tools (CNAPP, CSPM, DSPM, KSPM)
• Partner with cloud infrastructure teams to implement and maintain security controls across AWS accounts and services. 
• Prior experience building security telemetry pipelines or log correlation frameworks.
• Exposure to compliance frameworks (SOC 2, ISO 27001) and how engineering decisions affect auditability.
• Familiarity with CI/CD systems and integrating security checks into developer workflows.

This position will require access to technology, software and other information that is subject to governmental access control restrictions, due to export controls, security classification and/or designation as Controlled Unclassified Information.  Employment in this position is conditioned on the continued availability of government authorization to access such items, to the extent required, including without limitation a security clearance, export license, or other documentation required to establish authorization to access to such items. 

Abnormal AI may delay commencement of employment, rescind an offer of employment, terminate employment, and/or modify job responsibilities, compensation, benefits, and/or access to Abnormal AI information systems, as it deems appropriate, in order to ensure compliance with applicable government access control restrictions.