Senior Application/Cloud Security Engineer
ARCHIVED
We can't find an active application page for this role right now. It may reopen or be listed elsewhere. Use Next Steps to search for an active apply link and similar live jobs.
Description:We are seeking a Senior Cloud/Application Security Engineer for a project based assignment to help advance our cloud security and application security capabilities. In this role, you will serve as a key security advisor and hands-on technical partner to scientists, engineers, data scientists, bioinformaticians, and IT teams.Responsibilities:Cloud Security EngineeringLead the design, implementation, and continuous improvement of cloud security controls across Calico’s cloud environments, with a strong emphasis on Google Cloud Platform (GCP).Define and implement cloud security architecture patterns, guardrails, and secure-by-default capabilities that enable research and engineering teams while protecting sensitive data.Contribute to continuous cloud security posture management through infrastructure-as-code scanning, misconfiguration detection, automated remediation, and policy-as-code enforcement.Implement and improve controls for identity and access management, secrets management, key management, network security, workload isolation, logging, and monitoring.Support secure use of Google Cloud native security services such as Security Command Center, Cloud Armor, KMS, Secret Manager, Cloud DLP, Certificate Manager, Chronicle, and related capabilities.Application Security & DevSecOpsPartner with engineering, data science, bioinformatics, AI/ML, and IT teams to integrate security throughout the software development lifecycle.Perform application security design reviews, code reviews, threat modeling, and security testing for web applications, APIs, internal tools, data pipelines, and scientific computing environments.Integrate application security tooling into developer and CI/CD workflows, including SAST, DAST, SCA, container scanning, secrets scanning, and infrastructure-as-code scanning.Harden CI/CD pipelines against software supply chain attacks through isolated build environments, signed attestations, dependency verification, artifact integrity checks, and automated policy enforcement.AI/ML, Research, and Data SecurityDevelop security controls that enable scientists and researchers while protecting sensitive data, including intellectual property, regulated data, experimental datasets, and AI/ML workloads.Perform threat modeling and risk assessments for applications, infrastructure, AI/ML systems, research pipelines, and lab environments.Partner with data science and bioinformatics teams to secure research workflows, model development environments, data pipelines, and scientific computing platforms.Support data protection capabilities such as encryption, access segmentation, data loss prevention, logging, and monitoring for sensitive scientific and research data.Security Operations & Incident ReadinessStrengthen detection, response, and investigation capabilities across cloud and on-premises environments.Partner with IT teams to improve logging, alerting, threat detection, and incident response workflows.Support security investigations, vulnerability remediation, root cause analysis, and post-incident improvement activities.Governance, Risk, and Compliance AlignmentEnsure security solutions align with company policies, risk management practices, and relevant frameworks such as ISO 27001, NIST, CIS Controls, SOC 2, and related standards.Support audits, assessments, and evidence collection related to cloud security, application security, and infrastructure controls.Position Requirements:Bachelor’s degree in computer science, Cybersecurity, Information Systems, Engineering, or a related field, or equivalent practical experience.8+ years of experience in information security, with significant hands-on experience in cloud security, application security, security engineering, or DevSecOps.5+ years of proven experience with application security concepts, including API security, web application security, secure coding, threat modeling, and security testing.5+ years of hands-on experience securing cloud applications and infrastructure; Google Cloud Platform experience strongly preferred.Experience with Google Cloud native security services such as Security Command Center, Chronicle, Cloud Armor, Certificate Manager, KMS, Secret Manager, Cloud DLP, IAM, Cloud Logging, and related services.Strong proficiency with Infrastructure as Code, especially Terraform, and experience implementing security controls through policy-as-code or automated guardrails.Experience securing containerized workloads and orchestration platforms, including Docker, Kubernetes, and GKE.Proficiency with secure SDLC practices and application security testing tools, including SAST, DAST, SCA, secrets scanning, container scanning, and CI/CD security integration.Excellent communication and collaboration skills, with the ability to explain complex security concepts to scientists, engineers, IT staff, and leadership.Must be willing to work onsite at least four days per week.Nice to Have:Relevant certifications such as CISSP, CCSP, CSSLP, GCP Professional Cloud Security Engineer, GIAC certifications, or other cybersecurity-related certifications.Experience in biotechnology, life sciences, healthcare, pharmaceutical, or research computing environments.