About the RoleWe are hiring a Senior, hands-on Cloud Security Engineer to secure a large-scale, cloud-native SaaS platform. This is an engineering-first role for someone who builds security solutions-not just manages tools.
You will be a SME for cloud security architecture across platform, IAM, network, workload, data, and AI enablement, and partner with Engineering, Security, and Product to implement scalable controls that support business growth. You'll design secure architectures, embed controls into infrastructure-as-code, and build automated guardrails so teams can move fast without waiting on manual security approvals.
We're looking for a builder-defender who thrives in complex cloud environments, automates aggressively ("let the robots do the work"), and can scale cloud security for a fast-moving SaaS company.
What You'll Do- Architectural Leadership: Partner deeply with infrastructure and engineering teams to embed security into development workflows, leading high-level technical discussions to guide security efforts and strategic priorities.
- Multi-Cloud Engineering: Design, implement, and continuously improve Sigma Cloud Security across AWS, GCP, and Azure environments with architect-level technical depth.
- Threat Modeling & IR: Conduct cloud threat modeling and demonstrate hands-on experience in Cloud Incident Response, including investigating and remediating malicious activity within cloud environments.
- Identity & Access: Build IAM and privileged access strategy (RBAC/ABAC, federation, least privilege, cross-account access), eliminating standing privilege and long-lived credentials. Develop and enforce IAM best practices, including zero-trust models and privileged access controls across IaaS and SaaS.
- Drive cloud data security controls including classification, encryption/KMS, masking/tokenization, access governance, retention/deletion, and exfiltration risk reduction across APIs and data pipelines.
- Develop automated remediation workflows for recurring cloud misconfigurations, drift, and policy violations to reduce manual effort and response time.
- Security Stack Management: Deploy and manage cloud-native services (CSPM, CNAPP, DSPM, SIEM, DLP, WAF, Kubernetes, and container security).
- Network Defense: Review and apply zero-trust principles through strict network segmentation, authentication, and authorization.
- Automation: Develop sophisticated signatures/rules for cloud security and automate detection and response workflows.
- AI : Use AI securely and effectively to scale security practices and improve team efficiency.
- Continuous Evolution: Stay ahead of threats by leveraging intelligence, attack simulation, and red/blue team learnings.
What We're Looking For- Minimum 7+ years in Security roles with at least 5+ years focused on Cloud security engineering,IAM, and Data security
- Bachelor's or Master's degree in Computer Science, Cyber Security, or a related field.
- Deep technical expertise in cloud architectures AWS/Azure/GCP; including IAM, networking (VPCs, security groups, PrivateLink), and native security services is strongly desired.
- Strong infrastructure-as-code skills-you write Terraform professionally, not just read it.
- Advanced understanding and experience with container security, Kubernetes, and secure CI/CD pipeline design
- Proven ability to demonstrate incident response experience specifically related to cloud-based malicious activity and breach remediation.
- Advanced Cloud IAM expertise: federation, SSO, PAM/JIT access, service identities, and least privilege design.
- Strong background in cloud network security (segmentation, private connectivity, egress controls, WAF).
- Strong proficiency in scripting languages (e.g., Python, Go, PowerShell) for automation, data analysis, and security tooling development.
- Strong knowledge of security platforms such as CNAPP (Wiz), WAF (Cloudflare), SASE (Netskope)
- Demonstrated ability to lead cloud/saas architecture reviews and influence senior engineering stakeholders.
- Experience securing data platforms (nice to have) - Snowflake, Databricks, BigQuery etc.
- Experience in high-growth SaaS or data platforms Organizations (nice-to have)
- Prior experience in Platform Engineering, DevSecops or similar (nice-to-have)
- Certifications (Preferred): Professional-level cloud certifications are required, such as:
- AWS: Certified Security - Specialty or Solutions Architect - Professional.
- GCP: Professional Cloud Security Engineer or Professional Cloud Architect.
- Azure: AZ-500 (Security Technologies) or AZ-305 (Solutions Architect).
Additional Job detailsThe base salary range for this position is $210k - $240k annually.
Compensation may vary outside of this range depending on a number of factors, including a candidate's qualifications, skills, competencies and experience. Base pay is one part of the Total Package that is provided to compensate and recognize employees for their work at Sigma Computing. This role is eligible for stock options, as well as a comprehensive benefits package.
Benefits For Our Full-Time Employees:- Equity
- Generous health benefits
- Flexible time off policy. Take the time off you need!
- Paid bonding time for all new parents
- Traditional and Roth 401k
- Commuter and FSA benefits
- Lunch Program
- Dog friendly office
Note: We have an in-office work environment in all our offices in SF, NYC, and London.
