Security Engineer - Product & Production Infrastructure

SUMMARY

Wiz is looking for a Security Engineer for Product & Production Infrastructure who has experience performing security reviews, vulnerability management, and detection and response operations in cloud-native environments. You’ll get to collaborate with our software development and DevOps teams to secure Wiz’s products, CI/CD infrastructure, and production infrastructure. You’ll also have the opportunity to influence our product roadmap by utilizing Wiz-for-Wiz to assess, monitor, and harden our environments.

WHAT YOU’LL DO

• Lead threat modeling and security reviews across Wiz's products and cloud infrastructure, identifying attack surfaces and developing scalable mitigation strategies
• Build automation, policy-as-code, and security tooling that enables development teams to "shift left" and integrate end-to-end security into their workflows
• Design and implement secure baselines for cloud resources and Kubernetes based infrastructure
• Drive vulnerability management and remediation efforts – prioritizing issues, implementing mitigations, and designing strategic preventative controls in software supply chains from development through production
• Extend our detection and response capabilities – building scalable solutions to identify malicious activity, triage alerts, and investigate and remediate incidents
• Build deep functional partnerships with Wiz's engineering and operations teams – helping them deliver secure-by-design solutions

WHAT YOU’LL BRING

• 7+ years of experience in security engineering or security operations work in cloud environments, with a focus on the below:
• Strong AWS cloud security experience (we will also consider equivalent experience in Azure and GCP with some level of AWS experience)
• Cloud native Kubernetes services (EKS/GKE/AKS) and strong container security principles
• Deep understanding of securing IAM and cloud identities at scale
• Proven ability to lead technical security reviews of products and architectures, conduct threat modeling exercises, and translate findings into actionable security controls
• Practical understanding of web application security concepts (such as OWASP Top-10 and similar)
• Hands-on experience with IAC and related tools (Terraform, CloudFormation, Helm, Pulumi)
• Experience with automation and tooling development in one or more: Python, Go, Shell, HCL, Rego

PREFERRED QUALIFICATIONS

• Bachelor's degree in computer science or a related field and / or candidates with equivalent job experience in lieu of a degree
• Experience working with remote, globally distributed teams 
• Experience working in organizations that develop software and/or operate managed infrastructure and technology services for their own customers 
• Experience with CNAPP, CSPM, or CIEM solutions