The Role

As a Senior Security Engineer, you'll harden the security posture of our AWS environment, our public-facing perimeter, and our software development pipeline. Cloud Security and vulnerability management in Wiz are the primary focus.

You'll partner with DevOps, Engineering, and our Application Security Engineer to build preventative controls across infrastructure, identity, CI/CD, and applications. The work is hands-on: configuring tooling, writing and tuning detection and blocking rules, reviewing architecture, hardening pipelines, and supporting application security work where your range is needed.

Key Responsibilities

Cloud Security

• Operate and tune our WAF, including managed and custom rule sets, rate limiting, bot mitigation, and the day-to-day work of keeping false positives low.
• Own cloud security posture across our AWS environment using a CSPM or CNAPP platform alongside AWS-native security services.
• Reduce risk across IAM, network segmentation, ECS and container security, secrets management, cloud security policy management (IaC), and data exposure.
• Establish secure defaults in our Infrastructure as Code through reusable modules, guardrails, and policy as code.
• Harden CI/CD pipelines and the secrets that flow through them in partnership with DevOps.
• Own the end-to-end observability posture of your systems from telemetry instrumentation and alert design to runbook documentation ensuring the SOC has the visibility and context needed to respond with confidence.

Vulnerability Management

• Run our vulnerability management program across cloud and application findings: intake, prioritization, SLA tracking, and reporting.
• Partner with engineering teams to drive remediation, advising on fixes and unblocking the work where you can.
• Build automation that scales the program — pipelines for ingestion, deduplication, prioritization logic, and developer-facing workflows.

AI Security

• Contribute to our growing AI security program, including controls for AI-assisted development tooling, secure use of AI in our products, and emerging risks like prompt injection.

Skill Requirements

• 5+ years of hands-on security engineering experience across cloud security and vulnerability management.
• Strong AWS security background, including IAM, networking, container orchestration (ECS, EKS, or Kubernetes), and logging and audit. Hands-on experience with Wiz CNAPP.
• Hands-on experience operating a WAF in production, including writing and tuning rules, managing false positives, and responding when something gets through.
• Experience securing CI/CD pipelines and Infrastructure as Code, with Terraform required.
• Working knowledge of OWASP Top 10 and threat modeling.
• Experience running or substantially contributing to a vulnerability management program.
• Operates independently and drives projects without day-to-day oversight.

Desirable Skills

• Experience with the tools we use day to day: Wiz, Cloudflare (WAF, Gateway, Zero Trust), GitHub Advanced Security, Spacelift, and AWS-native security services such as GuardDuty, Security Hub, Macie, and Inspector.
• Container and orchestration security depth across Docker, Kubernetes, and ECS/EKS.
• Familiarity with AI/ML security risks such as prompt injection, data poisoning, and model abuse, and the controls that mitigate them.
• Experience with secrets management platforms such as AWS Secrets Manager, Keeper, and/or Infisical.
• Identity security across human and non-human identities, including service accounts, API keys, and OIDC federation.
• Experience in a PCI-regulated environment or financial services.
• Familiarity with Ruby on Rails, Python, or Go.

The Ideal Candidate

The ideal candidate measures success by reduced risk, not tickets closed, and reaches for secure design and simplicity before reaching for another control. They think like an attacker when reviewing systems, but bring a developer mindset to the partnership with engineering. They connect the dots across cloud, identity, application, and pipeline rather than treating each as a separate domain.

They move comfortably between cloud infrastructure, IaC, and application code, and engineers trust their technical judgment. They can represent the team in cross-functional meetings without a manager in the room, and when something is blocked, they come with a proposed path forward.

#LI-LB2