Activecampaign

Senior Security Engineer

Apply Now

Job Description

We are looking for a Senior Security Engineer to own and advance the security of our cloud estate and the automated tooling that protects it. In this role, you won't just be managing alerts or triaging tickets—you'll be at the forefront of architecting controls across our AWS infrastructure, hardening our containerized pipelines, and building the automation necessary to scale security without scaling headcount. You'll work in a lean, engineering-first environment where your technical decisions directly shape how we secure our platform, our build systems, and our identity infrastructure. If you have a passion for treating security as code and want to see your contributions directly safeguard our company's trajectory, this is your opportunity to make a significant impact.


On a typical day, you might:
  • Define and drive cloud security architecture and secure-by-default patterns across our AWS environment (IAM, VPC design, network segmentation, encryption, and KMS).
  • Own and optimize our CNAPP tooling (Wiz), turning runtime, posture, and vulnerability signals into prioritized, automated remediation workflows.
  • Engineer security directly into our CI/CD and Infrastructure-as-Code workflows, embedding build-time scanning and supply chain guardrails before code ships.
  • Harden containerized workloads, cluster configurations, workload isolation, and image supply chain integrity.
  • Build production-grade automation in Python using our SOAR platform to eliminate manual toil, drive auto-remediation, and streamline vendor integrations.
  • Partner cross-functionally with Identity and SecOps teams to close cloud detection blind spots, feed high-fidelity telemetry into security operations, and re-architect authentication design.
  • Prototype and evaluate emerging data sources and cutting-edge tooling, including AI/LLM-driven approaches to scale cloud security work. 
  • Note: This position requires participation in an on-call rotation to respond to critical security incidents.

     


    What is needed:
  • 5+ years of hands-on experience in security engineering, with deep, proven ownership of cloud security in an AWS-primary environment.
  • Strong technical proficiency in Infrastructure-as-Code, specifically reading and writing Terraform to enforce AWS IAM, VPC segmentation, and encryption patterns as code rather than documentation.
  • Expertise with CNAPP/CSPM platforms (Wiz, Orca, or similar) at the level of tuning policy, driving engineering remediation pipelines, and system integration.
  • Practical experience securing containerized workloads on Kubernetes (EKS or equivalent), including cluster hardening, image scanning, and runtime protection. 
  • A solid grasp of CI/CD security, including artifact/supply chain integrity and embedding guardrails into pipelines without becoming a blocker to engineering velocity. 
  • Proficiency in Python for building real-world automation, auto-remediation workflows, and data pipelines. 
  • An engineering-first mindset with exceptional collaboration skills, allowing you to partner seamlessly with platform and operations teams to solve complex infrastructure challenges.