Platform & Security Engineer (m/f/d)

Developer-Driven SecOps: Leverage your programming background to transition manual security and infrastructure processes into automated, self-service APIs and internal tooling, speaking the same language as our product engineers.

Platform Operations: Design, implement, and operate cloud infrastructure (primarily AWS) as a secure, reliable platform, enabling self-service for engineering teams to deploy and run applications.

Infrastructure Hardening: Apply defense-in-depth and zero-trust principles, implementing layered security controls across network, compute, identity, and data tiers.

Security Standards & Governance: Develop, document, and enforce security standards, guidelines, and hardening baselines for software development (SDLC) and platform operations, driving adoption across the organization.

Incident Response: Detect, triage, manage, and respond to cyber security incidents, owning the process from initial signal through resolution and post-mortem.

Hands-on Security Engineering: Actively address vulnerabilities, implement security features (WAF rules, SIEM monitors, access policies), and improve overall platform resilience.

Continuous Threat Review: Conduct ongoing reviews of security tooling (such as our CNAPP Wiz), processes, and controls in response to new threats, architecture changes, and internal risk assessments.

Harness Engineering: Extend and improve our tooling that supports the Agent-Harnesses to safeguard AI-assisted development workflows across the SDLC.

Stakeholder Collaboration: Coordinate, communicate, and align seamlessly with key stakeholders including the CTO, CISO, Engineering Managers, Tech Leads, and cross-functional product teams.

Building custom internal integrations and automation scripts using Go and TypeScript to streamline platform operations.

Laying the secure cloud boundaries, API gateways, and guardrails required for engineering teams to safely experiment with and integrate AI models.

Cloud infrastructure setup, migration, and hardening (AWS networking, IAM, ECS, storage).

Zero-trust architecture and identity/access management (IAM) across platform and SaaS tooling.

SIEM and detection coverage (rulebook design, alert tuning, gap analysis).

Secrets management, certificate lifecycle automation, and WAF/DDoS perimeter security.

Developer security enablement via secure defaults, pipeline integrations, harness improvements and guardrails.

Developer Empathy: You understand the Go and TypeScript ecosystems from a developer’s perspective. You know how to secure software supply chains and integrate security seamlessly into CI/CD pipelines without slowing the product teams down.

Manager-of-one: You are highly self-sufficient, taking full ownership of tasks and projects without requiring close supervision.

Good Communicator: You can explain complex technical details clearly and collaborate effectively with diverse teams and stakeholders.

Eager to Learn: You have a passion for learning new technologies and are always curious to dive into unknown territory.

Excited About Tech: You love tackling challenging technical problems, have a genuine passion for tech, and are sufficiently nerdy (and "nerd-snipeable"!).

Reliable & Quality-Aware: You deliver on time while paying close attention to detail and maintaining high standards in your work.

Daily (High Proficiency): Terraform/OpenTofu, Shell-scripting, and core AWS services (VPC/Networking, EC2, ELB, Route53, IAM, RDS, CloudFront, Lambda, S3, CloudTrail, CloudWatch Logs, StepFunctions).

Weekly (Familiarity & Automation): Go, TypeScript, GitHub Actions, Docker, Kubernetes (K8s), GitOps, Datadog (Cloud-Native Observability), and Wiz (CNAPP).

Monthly (Occasional Use): Python, Java/Kotlin, Helm, Maven, Gradle, Spring framework, RabbitMQ.