Federato is on a mission to defend the right to efficient, equitable insurance for all. They are seeking a Senior Security Engineer to contribute to their application security program, manage vulnerabilities, and drive security culture across engineering teams.
Responsibilities:
- Contribute to our application security program
  - Work with our SAST, DAST, and SCA tooling, triage and prioritize vulnerabilities, and partner with engineering teams to drive remediation
  - Participate in threat modeling and secure design reviews on new products and services
- Share incident response on-call
  - Investigate, contain, and resolve security incidents alongside the rest of the team
  - Help refine our runbooks, detection coverage, and post-incident process
- Help harden our cloud and Kubernetes environment
  - Contribute to security posture across GCP and GKE: IAM and least privilege, secrets management, container and supply chain security, and IaC guardrails (Terraform)
- Build detections and security automation
  - Engineer high-signal detections from cloud, identity, and application telemetry
  - Automate the toil of vulnerability triage, access reviews, SaaS posture, and questionnaire workflows so the team scales
- Streamline customer security work
  - Help respond to customer security questionnaires and audits, and build internal tooling and a knowledge base so this scales as deal volume grows
- Strengthen business continuity and DR
  - Help assess threats to continuity, contribute to DR plans, and run real exercises against them
- Help drive a security culture across engineering
  - Pair on developer training, secure-coding guidance, and standards work to make the secure path the easy path
Requirements:
- 5+ years of hands-on experience managing cloud infrastructure and automation
- Experience in achieving SOC2 Type II, ISO 27001, or similar certifications
- Experience with Node.js or Python for backend services in a microservices architecture
- 3+ years of experience with cloud providers, preferably Google Cloud Platform (GCP)
- Solid experience with cloud security on GCP or AWS, including IAM, Kubernetes, and IaC
- Knowledge of asynchronous processing, message queues (e.g., Kafka, Pub/Sub), and event-driven architecture for backend applications
- Experience focused on the success of internal engineering teams