DISQO is hiring a Senior Security Engineer to take definitive ownership of our comprehensive security posture, encompassing both AWS cloud and endpoint security. This critical role leads day-to-day security operations across our platform, which includes a high-throughput AWS environment that processes billions of measurement signals. We rely heavily on AI-assisted tooling to enable a small, effective security team. This is a hands-on individual contributor role. You will harden our AWS footprint, run detection and incident response, and build automations that turn repetitive security work into code. You will be expected to use AI coding agents (Claude Code, Cursor, or similar) as part of your default workflow. You will report to the Director of Platform and partner closely with Engineering, IT, Product, and Legal. No direct reports. You influence through designs, code, reviews, and the systems you ship. **Position Summary:** As Senior Security Engineer, you are the technical owner of DISQO's security posture, encompassing both cloud and endpoint environments. You set the technical bar for security and security operations, driving the implementation of Zero Trust principles across our infrastructure and employee devices. On the cloud side, you own AWS identity, network, data, and account-level controls. On the operations side, you manage detection engineering, alert triage, incident response, and vulnerability management. As an AI-enabled engineer, you leverage coding agents and automation to build tools, agents, and integrations that compress manual toil into seconds, scaling the security practice. You will work with autonomy on cross-functional initiatives, drive architectural decisions for security-critical systems, and help build a forward-leaning, AI-native security practice. **What you will do:** - **AWS Cloud Security:** - Own the security posture of our AWS environment: IAM, networking, encryption, KMS, secrets management, and multi-account governance. - Operate AWS-native security services: GuardDuty, Security Hub, Config, IAM Access Analyzer, Macie, Inspector, CloudTrail, and Control Tower. - Design and review secure-by-default patterns for new services. Provide security guidance on Terraform, CloudFormation, and CDK changes. - Drive identity, network, and data perimeter strategy. Reduce blast radius and enforce least privilege across accounts. - Harden container, serverless, and Kubernetes (EKS) workloads where they touch sensitive data. - **Security Operations:** - Run day-to-day SecOps: detection engineering, alert triage, threat hunting, and incident response. - Tune and operate the SIEM, SOAR, and EDR stack (e.g., CrowdStrike). Author and maintain detections as code. - Drive the implementation of Zero Trust principles and manage endpoint security for employee devices, including local admin removal for employees handling customer data. - Lead incident response end-to-end: containment, forensics, root cause, customer comms, and blameless postmortems. - Run vulnerability management and patching cadence; track and drive remediation SLAs. - Build runbooks, on-call playbooks, and tabletop exercises that keep the team sharp. - **AI-Enabled Engineering:** - Use AI coding agents (Claude Code, Cursor, Copilot, or similar) daily to accelerate security engineering work. - Build automations and small services that turn manual security work into repeatable, code-defined workflows. - Apply AI to scale Tier-1 triage, alert enrichment, IR draft communications, and detection content authoring. - Help shape security guardrails for AI tooling and AI-related workloads as they emerge in our stack. - **Governance, Risk & Compliance:** - Support SOC 2 Type I/II and similar audits: evidence collection, control mapping, and customer questionnaire response. - Run third-party and vendor security assessments. - Manage security awareness training and the anti-phishing program. - Manage relationships and contracts with security vendors (MSSP, EDR, WAF, vulnerability management, etc.). - **Cross-functional Partnership:** - Champion the DevSecOps mindset and foster a security-first culture across engineering teams. - Be the go-to technical reviewer for new product surfaces, infrastructure designs, and data flows. - Partner with Legal and Privacy on regulatory requirements, control implementation, and audit readiness. - Mentor engineers on secure coding, threat modeling, and cloud security best practices. **What we're looking for:** - **Required:** - **Experience:** 6+ years in cloud security, security operations, or infrastructure security, with hands-on production experience (not policy-only). - **AWS Depth:** Strong working knowledge of AWS security: IAM, VPC, KMS, GuardDuty, Security Hub, CloudTrail, Config, and multi-account governance. - **Security Operations:** Hands-on security incident response experience. You have led real investigations, written postmortems, and tuned detections in a SIEM/SOAR. - **Coding Ability:** Comfortable scripting and building small services in Python, Go, or similar. You ship automation, not just tickets. - **AI-Enabled Workflow:** Use AI coding agents (Claude Code, Cursor, Copilot) as part of your default workflow, not as an experiment. - **Frameworks:** Working knowledge of NIST CSF, CIS Controls, OWASP Top 10, and MITRE ATT&CK. - Experience implementing cloud-native detection and monitoring - Audit experience: SOC 2, ISO 27001, PCI, or similar. - Hands-on experience with endpoint security, including EDR (e.g., CrowdStrike), local admin removal, and device management/hardening. - **Nice to have:** - **Detection engineering and SOAR/automation experience at scale.** - **IaC security: Terraform, CDK, or CloudFormation, plus CI/CD security gates and policy-as-code (OPA, Cedar).** - **Container and Kubernetes (EKS) security.** - **Multi-cloud exposure (GCP or Azure) in addition to AWS.** - **Familiarity with AI/LLM security (OWASP LLM Top 10, MITRE ATLAS, NIST AI RMF). Useful but not required.** - **Certifications: AWS Security Specialty, CISSP, CCSP, GCIH, GCIA, GCFA, or OSCP.** - **Built custom MCP servers, agent frameworks, or in-house security tooling.** - **Open-source contributions to cloud security or detection engineering tooling.** $180,000 - $200,000 a year **Your pay will be determined by your experience, work location, and other applicable factors.** #LI-MV1 At DISQO, we pride ourselves on having a positive, performance-oriented workplace that includes a flexible hybrid approach, competitive medical benefits, and an amazing vacation policy. Read more about our culture on Glassdoor. You can learn more about what's happening at DISQO by visiting the DISQO Company Blog. **Perks & Benefits:** • 100% covered Medical/Dental/Vision for employee, competitive dependent coverage • Stock options • 401K • Generous PTO policy • Team offsites, social events & happy hours • Life Insurance • Health FSA • Commuter FSA (for hybrid employees) • Catered lunch and fully stocked kitchen • Paid Maternity/Paternity leave • Disability Insurance • Travel Assistance Program • 24/7 Counseling Services offered to Employees **Note: The benefits noted above are for full time US based employees only.**