ServiceTitan is seeking an experienced Staff Cloud Security Engineer to shape the security foundation of their modern cloud environments and next-generation applications. In this role, you will design automated security controls, harden multi-cloud infrastructure, and promote secure development practices across the organization.
Responsibilities:
- Integrate robust security controls directly into CI/CD platforms such as GitHub, GitLab, Jenkins, or Azure DevOps
- Evaluate and implement pipeline-based Infrastructure as Code (IaC) security scanning. Manage and configure IaC scanning tools to surface true risk
- Build and optimize developer feedback loops and automated remediation workflows to ensure software is secure by default. Develop automated scripts using Python, Bash, or PowerShell to streamline security processes
- Build and maintain IAM security controls across cloud platforms, assessing policies to enforce the principle of least privilege
- Standardize management, security controls, and lifecycle expectations for non-human identities
- Govern the secure use of cloud identities, Application Programming Interfaces (APIs), and secrets management
- Develop and implement secure infrastructure baselines, vulnerability management processes, and hardening standards across AWS, Azure, or GCP environments
- Validate security configurations and leverage IaC tools like Terraform, CloudFormation, or Bicep to ensure repeatable, auditable, and secure infrastructure provisioning
- Tackle high-impact infrastructure projects such as multi-cloud network isolation, secure multi-tenant use, and continuous remediation of discovered misconfigurations
- Guide engineering teams on secure architecture design for cloud apps, microservices, serverless services, and PaaS workloads
- Advance container and Kubernetes security by implementing runtime controls, supply-chain security, and configuration assessments
- Secure in-house and public AI/ML systems against cyber threats, adversarial attacks, and unauthorized access, ensuring models and data pipelines are protected throughout the solution lifecycle
- Ensure that sensitive cloud and AI data is properly encrypted, anonymized, and securely stored
- Assess and implement strong encryption configurations, checkpoint encryption, and tokenization to protect data at rest and in transit
- Develop and enforce policies to align data security and privacy measures with industry regulations, ethical standards, and organizational governance requirements
- Partner with Security Operations to improve cloud application telemetry, logging, and observability. Help expand monitoring capabilities by onboarding log sources and building detection rules for cloud-based threats
- Monitor and analyze security events using SIEM, Cloud Security Posture Management (CSPM), and Cloud Workload Protection Platforms (CWPP)
- Support the triage, investigation, and forensic analysis of cloud-based application or pipeline security incidents, working collaboratively to contain and mitigate threats
Requirements:
- 7-10+ years of hands-on experience in cloud security, application security, DevSecOps, or related engineering roles
- Deep hands-on experience with Azure and/or AWS security services, including the design and maintenance of multi-cloud application controls
- Proficiency in scripting (Python, Bash, PowerShell) to automate security tasks
- Strong understanding of container security (Docker, Kubernetes) and IaC security (Terraform, ARM)
- Industry certifications such as CCSP, CISSP, AWS Security Specialty, Azure Security Engineer, GCSA, or OSCP are highly preferred