Senior Security Engineer - Cloud Security

ABOUT THE ROLE

We are looking for a Senior Security Engineer with deep cloud security expertise to own complex security workstreams across our multi-cloud environment and drive our vulnerability management program to the next level of maturity. This is a senior individual contributor role for a security engineer who independently leads complex technical initiatives, influences security decisions across engineering teams, and serves as a trusted cloud security subject matter expert. The role combines deep technical execution with cross-functional influence, while partnering with Security leadership and the Principal Security Architect on broader security strategy and architecture direction.

You will operate across cloud security posture management, infrastructure hardening, vulnerability program leadership, and secure DevOps practices, with the seniority to make independent technical judgments, lead cross-functional security initiatives, and mentor colleagues. This role partners closely with the Principal Security Architect to operationalize cloud security standards, implement security controls, and execute security initiatives across Nasuni's cloud environments.  You are equally comfortable diving deep into cloud configurations, reviewing security architecture, and advising engineering teams on security trade-offs.

Success In This Role Looks Like

• Improved cloud security posture across key cloud platforms
• Increased vulnerability remediation effectiveness and SLA attainment
• Expanded visibility and coverage of cloud security controls
• Reduced recurring security findings through automation and systemic improvements
• Increased adoption of secure-by-default cloud engineering practices

WHAT YOU WILL DO

Cloud Security Engineering and Posture Management

• Lead initiatives that continuously improve Nasuni's cloud security posture across AWS, Azure, and GCP, including workload security, IAM hardening, network segmentation, encryption, and least-privilege enforcement.
• Lead cloud security assessments and configuration reviews, identifying and remediating misconfigurations and security gaps using Wiz and cloud-native tools.
• Drive zero-trust initiatives and cloud-native security controls across our multi-cloud infrastructure.
• Partner closely with the security leadership to translate architectural standards into enforceable, operational controls, and provide ground-level feedback to shape those standards.
• Evaluate and implement security controls for container and Kubernetes workloads, CI/CD pipelines, and Infrastructure as Code.
• Contribute to cloud security architecture and design reviews by providing implementation guidance, operational security expertise, and risk assessments for new technologies and infrastructure changes.

Vulnerability Management Program Ownership

• Lead execution and continuous improvement initiatives within Nasuni's vulnerability management program, partnering with Security leadership to influence strategy, tooling direction, prioritization frameworks, and program maturity across AWS, Azure, and GCP.
• Assess and enforce vulnerability SLAs and risk-based prioritization frameworks aligned to business risk appetite.
• Analyze vulnerability data across environments, synthesize trends, and produce executive-ready reporting on exposure, remediation velocity, and risk posture.
• Drive systemic remediation through collaboration with DevOps, SRE, IT/infrastructure, and engineering teams, moving beyond ticket-by-ticket fixes toward structural improvements.
• Continuously tune and optimize scanning coverage, detection fidelity, and platform configuration across all vulnerability management tooling.
• Identify program gaps, define improvement roadmaps, and present recommendations to security leadership.

DevSecOps and Infrastructure Hardening

• Partner with DevOps and SRE teams to embed security controls into CI/CD pipelines, IaC templates, and cloud provisioning workflows.
• Drive adoption of security-as-code practices including policy-as-code, automated misconfiguration detection, and runtime security controls.
• Define and enforce secure configuration baselines across cloud workloads, operating systems, and network infrastructure.
• Assess and harden container and Kubernetes environments; support secrets management and workload identity practices.

Incident Response

• Support the SecOps team by contributing to complex and high-severity incident responses within your domain.
• Advise the SecOps team on the development and improvement of incident response playbooks and runbooks for cloud and infrastructure-related security events.
• Conduct threat hunting in cloud environments and contribute to detection engineering efforts in collaboration with the SecOps team.
• Participate in post-incident reviews and systemic improvements that reduce recurrence of cloud security events or incidents.

Compliance and Governance

• Partner with GRC to ensure the vulnerability management and cloud security controls align with compliance requirements.
• Own technical evidence preparation and control documentation within your workstreams for audit and compliance activities.
• Advise engineering and business teams on security considerations for new technologies, integrations, and infrastructure decisions.

Mentorship and Team Contribution

• Mentor colleagues and peers, guiding technical decisions, sharing expertise, and improving the team's overall cloud security capabilities.
• Lead security tooling evaluations and contribute to decisions on platform investments and program improvements.
• Design, improve, and scale repeatable AI-assisted security workflows that enhance vulnerability analysis, cloud security assessments, remediation prioritization, and operational efficiency while maintaining strong validation, security, and risk-management practices.

WHAT YOU WILL BRING

Experience

• 6–9 years of experience in security engineering, cloud security, or a closely related discipline.
• Demonstrated ownership of complex cloud security workstreams in a multi-cloud or cloud-native environment.
• Proven experience leading or significantly contributing to a vulnerability management program, including tool operation, process design, and stakeholder engagement.
• Experience securing cloud-native SaaS products or operating within complex cloud-first technology environments.
• Experience designing or operationalizing repeatable AI-assisted workflows that improve security engineering, vulnerability management, security analysis, automation, or operational efficiency.

Cloud Security Depth

• Deep hands-on expertise with AWS security, including IAM, VPC/networking, GuardDuty, Security Hub, CloudTrail, KMS, and AWS-native hardening practices. Additional Azure and GCP experience a plus.
• Strong working knowledge of CSPM tools; direct experience with Wiz is highly advantageous.
• Experience with container security, Kubernetes security, and IaC security tooling (Terraform, CloudFormation, or equivalent).
• Familiarity with CI/CD security integration and DevSecOps practices.

Technical Foundations

• Strong understanding of network security, protocols, and infrastructure security fundamentals (TCP/IP, DNS, TLS, VPN, firewall design).
• Working knowledge of IAM, Zero Trust principles, secrets management, and authentication protocols (OAuth 2.0, OIDC, SAML).
• Experience with scripting or automation for security workflows (Python, Bash, or equivalent).
• Demonstrated ability to validate AI-generated outputs using security expertise, testing, data analysis, or other structured review mechanisms before applying recommendations in production environments.

Frameworks and Compliance

• Familiarity with NIST CSF, CIS Benchmarks, and OWASP frameworks.
• Strong command of vulnerability severity frameworks (CVSS, EPSS) and risk-based prioritization methodologies.
• Experience conducting technical risk assessments and security design reviews.

Communication and Influence

• Ability to explain complex security risks and trade-offs clearly to both engineering and IT/infrastructure peers and non-technical leadership.
• Strong written communication skills for producing vulnerability reports, security assessments, and architectural recommendations.
• Collaborative working style, you influence through expertise and build trust across teams.

Education and Certifications

• • Bachelor's degree in Computer Science, Information Security, Engineering, or a related field; or equivalent practical experience.
  • Certifications preferred: AWS Security Specialty, CISSP, CCSP, GIAC GCSA, or equivalent cloud security credentials.

About Nasuni

Nasuni is the unstructured data foundation for enterprise teams—and the AI that supports them. We manage, protect, and activate the world’s unstructured data so organizations can work smarter, spend wisely, and create safely without limits. As a Vista-backed SaaS data infrastructure company, Nasuni is transforming how enterprises manage file data with a next-generation, AI-ready platform—turning massive file stores into secure, actionable, and AI-ready data for intelligent automation, analytics, and global collaboration.

Why Work Here — Europe / Warsaw

At Nasuni, you’ll work at the intersection of cloud infrastructure, enterprise data, cybersecurity, and AI readiness. You’ll help build and operate modern systems that support global teams and customers while contributing to a company backed by Vista Equity Partners and connected to a broader ecosystem of software leadership and operational excellence. This is an opportunity to bring hands-on cloud expertise to a collaborative, high-growth environment where reliable infrastructure, automation, and secure access directly enable business scale.

To all recruitment agencies: Nasuni does not accept agency resumes. Please do not forward resumes to our job boards, Nasuni employees or any other company location. Nasuni is not responsible for any fees related to unsolicited resumes.

Nasuni is an equal opportunity employer. The equal employment opportunity policy at Nasuni protects employees and job applicants from discrimination on the bases of race, religion, color, sex (including pregnancy, gender identity, and sexual orientation), parental status, national origin, age, disability, family medical history or genetic information, political affiliation, military service, or other non-merit based factors. These protections extend to all management practices and decisions, including recruitment and hiring practices, appraisal systems, promotions, and training and career development programs.