Cloud Security Engineer

About BRINC:At BRINC, we are redefining public safety with an innovative ecosystem of life-saving tools. Our journey started with the development of drones and ruggedized throw phones, designed to access unsafe areas and establish communication to de-escalate situations. Today, we've expanded into creating and deploying 911 response networks, where drones are dispatched to 911 calls to provide real-time visual data, enhancing safety and enabling de-escalation-focused responses. Our cutting-edge solutions are utilized by over 600 public safety agencies across America and the company has raised over $150M from investors, including Index Ventures, Motorola Solutions, Sam Altman, Dylan Field, Mike Volpe, Alexandr Wang and more. At BRINC, we are committed to recruiting the world's best talent to join us in our mission to support first responders in saving lives.About BRINC:At BRINC, we are redefining public safety with an innovative ecosystem of life-saving tools. Our journey started with the development of drones and ruggedized throw phones, designed to access unsafe areas and establish communication to de-escalate situations. Today, we've expanded into creating and deploying 911 response networks, where drones are dispatched to 911 calls to provide real-time visual data, enhancing safety and enabling de-escalation-focused responses. Our cutting-edge solutions are utilized by over 600 public safety agencies across America and the company has raised over $150M from investors, including Index Ventures, Motorola Solutions, Sam Altman, Dylan Field, Mike Volpe, Alexandr Wang and more. At BRINC, we are committed to recruiting the world's best talent to join us in our mission to support first responders in saving lives.About This Role:We are seeking a Cloud & Security Engineer to own and mature the security posture of BRINC's AWS environment and corporate infrastructure. This is a hands-on, high-ownership role for a strong individual contributor who thrives on building — someone who wants to shape how security is done at a growing company, not maintain what someone else already built. You will be the primary security practitioner at Brinc, responsible for turning passive AWS tooling into active threat detection, strengthening our SOC 2 program, and scaling our security posture alongside the business. From tuning GuardDuty and locking down IAM to implementing Google Workspace DLP and authoring the policies that govern how we protect data — this role spans cloud and corporate security with meaningful impact across both. You'll work closely with our IT Support, Network Engineering, and Engineering leadership.Key Responsibilities:Conduct a full AWS security posture assessment - IAM, S3 bucket policies, VPC security groups, exposed endpoints, and logging gaps - and deliver a prioritized remediation roadmapActivate and tune AWS Security tools across all accounts and regionsEnforce least-privilege IAM - eliminate wildcard permissions, audit all existing roles, and implement role-based access patternsEnable AWS Config Rules and automated remediation for common misconfigurations - public S3 buckets, unencrypted volumes, unrestricted security groupsDesign and implement a secrets management strategyEstablish a vulnerability management program for cloud workloadsOwn cloud infrastructure incident response - detection, triage, containment, and post-incident reviewImplement DLP policies - data classification, external sharing controls, and external forwarding restrictionsManage and mature the Zero Trust / VPN solutionOwn SIEM selection and deployment; configure alerting and on-callImplement phishing-resistant MFA (hardware keys or passkeys) for privileged accountsConduct annual security awareness training and quarterly phishing simulationsMaintain security policies: Acceptable Use, Access Control, Incident Response, Vulnerability Management, and Data ClassificationOwn SOC 2 Type II continuous compliance and conduct a controls gap assessmentPartner with Engineering to implement security controls in the SDLC - SAST, dependency scanning, and secrets detection in CI/CD pipelinesOwn the vendor security review process - evaluate third-party tools for risk before procurementMaintain a risk register and report quarterlyBuild and own the Incident Response Plan - define severity levels, escalation paths, and communication templatesQualifications:5–8 years of security engineering experience with a strong AWS focusHands-on experience with AWS security services - GuardDuty, Security Hub, CloudTrail, Config, IAM, and Service Control PoliciesDemonstrated SOC 2 or ISO 27001 readiness experience - ideally as primary technical leadProficiency in at least one SIEM platform - Splunk, Elastic, Panther, or equivalentScripting/automation ability in Python or BashGoogle Workspace security and administration experienceStrong written communication - security policies, runbooks, and executive summariesPreferred SkillsRelevant certifications: AWS Security Specialty, CISSP, CCSP, or CISMExperience with IaC security scanning (Checkov, tfsec) and CI/CD pipeline security integrationFamiliarity with compliance automation platforms such as Drata or VantaExperience at a startup scaling from Series A to Series CFamiliarity with network segmentation and OT/corporate network boundary designBRINC Culture Values:Try the hard stuffBe innovative - Invent the futureMove fastListen to end-usersStrive for excellenceDon’t build a dystopiaBe frugalSave lives through technologyIf you’re interested in this role and in joining BRINC, we hope you’ll apply. We’d love to review your application and get to know more about you!BRINC is proud to be an equal opportunity employer that is resolute in cultivating an environment that promotes safety, diversity, inclusion and equity. We’re committed to hiring the best talent — regardless of race, creed, color, ancestry, religion, sex (including pregnancy), national origin, sexual orientation, age, citizenship status, marital status, disability, gender identity, genetic information, veteran status, or any other characteristic protected by applicable laws, regulations and ordinances — and empowering every employee so they can do their best work. If you have a disability or special need, please let our recruiting team know - we strive to provide appropriate accommodation and assistance.Benefits and perks listed below may vary based on the nature of your employment with BRINC and/or the country within which you workComprehensive medical, dental and vision plans for our employees and their families401K planMaternity and paternity leaveFlexible Time Off (Exempt) / Paid time off (Non-Exempt)Flexible work environmentOrca pass (for those in Puget Sound)Free parking (Seattle office)Free snacks, drinks and espresso (Seattle office)