Senior Security Engineer – Cloud & Platform Security

unlimited holidays - extra parental leave - work from anywhere
Work set-up: 
Full Remote
Contract: 
Full time
Experience: 
Senior (5-10 years)
Work from: 
Canada

Offer summary

Qualifications:

7+ years of experience in security engineering or related roles., Expertise in AWS security architecture, IAM, and multi-tenant SaaS security., Hands-on experience with containers, orchestration frameworks, and automation scripting., Strong understanding of cloud security frameworks, compliance standards, and incident response. .

Key responsibilities:

  • Design and enforce security baselines for AWS and cloud infrastructure.
  • Develop and integrate automated security controls into CI/CD pipelines.
  • Lead incident response and threat detection strategies for cloud environments.
  • Collaborate with SRE teams to align security and reliability practices.

CaptivateIQ logo
CaptivateIQ Scaleup https://www.captivateiq.com
201 - 500 Employees
See all jobs

Job description

CaptivateIQ is the leading Sales Performance Management solution, recognized by Forrester and G2, and trusted by customers including Affirm, Gong, and Figma. With solutions for Sales Planning and Incentives, we help revenue teams automate processes, hit revenue targets, and adapt with business change, ultimately driving efficient growth. Its time to rethink ROI your return on incentives with CaptivateIQ.

With backing from Sequoia, Accel, ICONIQ, Sapphire Ventures, and other leading investors, CaptivateIQ is on a mission to enable every company to improve their return on incentives and sales planning.

Come and see why Glassdoor and Comparably have recognized CaptivateIQ as a best place to work!

About the role:
Security is a core value at CaptivateIQ. As we scale and evolve our platform, building security into the foundation of our infrastructure and cloud services is essential to ensuring trust and resilience at every layer of our environment.

As a Senior Security Engineer focused on Cloud & Platform Security, you will be responsible for securing the foundation of our SaaS platform designing and implementing scalable security controls across our cloud infrastructure and platform development lifecycle. You will evaluate and improve our AWS cloud security posture, manage Cloud Security CNAPP tooling (CSPM, CWP, CIEM, DSPM), and implement threat detection and monitoring strategies. You’ll also lead incident response for infrastructure security events and drive compliance readiness across our cloud environment.

This highly technical role is ideal for an engineer who thrives in cloudnative environments, understands modern DevSecOps practices, and brings deep expertise hardening multitenant SaaS architectures and partnering with SRE teams.


Responsibilities:
  • Cloud Security Architecture & Posture Management Design and enforce security baselines for AWS services, network segmentation, containerized workloads, and IAM. Leverage modern cloud security technologies to monitor for configuration drift and anomalous activity.
  • Secure CICD Enablement Embed automated security controls into build and deployment pipelines and enforce secure infrastructureascode practices (Terraform).
  • Cloud Threat Detection & Monitoring Develop and tune detection logic for cloud and infrastructure threats; integrate logs with SIEM for security observability.
  • Identity & Access Governance Implement least privilege, zerotrust principles, and centralized access governance across infrastructure and internal tools.
  • Vulnerability Management Own vulnerability identification, prioritization, and remediation for infrastructure components and dependencies.
  • Incident Response Leadership Act as a primary technical lead for cloudinfrastructure security incidents and root cause analysis.
  • Compliance Alignment Contribute to security audits, control validation, and evidence collection for SOC 2, ISO 27001, and other frameworks.
  • CrossTeam Enablement Partner with SRE to ensure reliability and security guardrails align without slowing delivery.


  • Requirements:
  • 7+ years of experience in a security engineer or related role, including 4+ years specializing in cloud and infrastructure security.
  • Advanced expertise of AWS security architecture, IAM, ZTNA, and secure multitenant SaaS designs.
  • Strong communication and ability to influence technical decisions across teams.
  • Handson experience securing containers and orchestration frameworks (Docker, ECS, Kubernetes).
  • Strong programming and scripting skills (Python preferred) for automation and tooling.
  • Experience integrating security into CICD pipelines and infrastructureascode environments.
  • Deep understanding of detection strategies, logging, and incident response for cloud workloads.
  • Proven ability to lead incident response for cloud and infrastructure security events.
  • Familiarity leveraging CloudNative Application Protection Platform (CNAPP) tooling.
  • Knowledge of compliance frameworks (SOC 2, ISO 27001) and cloud security benchmarks (CIS, CSA CCM).

  • Benefits:
  • (USONLY) 100% of medical, dental, and vision covered including 75% for dependents
  • Flexible vacation days and quarterly mental health days so you can recharge
  • Enjoy a onetime expense on your 1year work anniversary (to use for travel, home furnishings, fancy meal)
  • (USONLY) 401k plan to participate in and save towards the future
  • Newest Apple products to help you do your best work
  • Employee Resource Groups (ERGs) to support and celebrate the shared identities and life experiences of communities within CaptivateIQ. ERGs directly support our companywide DEI goals as a space for developing and retaining diverse talent

  • Notice to Prospective Candidates:
  • Only emails from @captivateiq.com should be trusted.
  • We are aware of active recruitment scams using the CaptivateIQ name, in which individuals pose as our recruiters and post fake remote job openings and make fake job offers on the Internet. Please note, we will never do the following:
  • Attempt to correspond with a candidate using a free webbased account, such as an email address that ends in @gmail.com, @yahoo.com, @hotmail.com, etc.
  • Make an offer of employment without conducting multiple rounds of interviews facetoface using secure videoconferencing technology.
  • Ask candidates to cash checks to buy equipment on behalf of CaptivateIQ.
  • Ask candidates to make a payment in order to be considered for a position.
  • Make early requests for candidates personal information such as date of birth, passport details, credit card numbers, bank details and social security number, etc.
  • Please note that we’ll only ask for more sensitive personal information in connection with background checks after an offer is made.
  • Participate in an oncall rotation to provide afterhours support, ensuring timely resolution of critical issues and maintaining system uptime.
  • CaptivateIQ participates in EVerify, webbased system that allows enrolled employers to confirm the eligibility of their employees to work in the United States
    •

    Required profile

    Experience

    Level of experience: Senior (5-10 years)
    Spoken language(s):
    English
    Check out the description to know which languages are mandatory.

    Hard Skills

    CI/CDAWS Identity And Access Management (IAM)Cloud Security ArchitectureIncident ResponseContainer SecurityKubernetesPython (Programming Language)Vulnerability ManagementCompliance ManagementDocker (Software)Cloud Security Applications

    Other Skills

    • Communication
    • Teamwork
    • Problem Solving
    Are you interested?

    Cloud Security Engineer Related jobs

    See more Cloud Security Engineer jobs