Job Summary:
DISQO is dedicated to building a trusted ad measurement platform that empowers brand growth. They are seeking a Senior Security Engineer to take ownership of their security posture, managing both AWS cloud and endpoint security while leading day-to-day security operations and implementing Zero Trust principles.
Responsibilities:
• Own the security posture of our AWS environment: IAM, networking, encryption, KMS, secrets management, and multi-account governance.
• Operate AWS-native security services: GuardDuty, Security Hub, Config, IAM Access Analyzer, Macie, Inspector, CloudTrail, and Control Tower.
• Design and review secure-by-default patterns for new services. Provide security guidance on Terraform, CloudFormation, and CDK changes.
• Drive identity, network, and data perimeter strategy. Reduce blast radius and enforce least privilege across accounts.
• Harden container, serverless, and Kubernetes (EKS) workloads where they touch sensitive data.
• Run day-to-day SecOps: detection engineering, alert triage, threat hunting, and incident response.
• Tune and operate the SIEM, SOAR, and EDR stack (e.g., CrowdStrike). Author and maintain detections as code.
• Drive the implementation of Zero Trust principles and manage endpoint security for employee devices, including local admin removal for employees handling customer data.
• Lead incident response end-to-end: containment, forensics, root cause, customer comms, and blameless postmortems.
• Run vulnerability management and patching cadence; track and drive remediation SLAs.
• Build runbooks, on-call playbooks, and tabletop exercises that keep the team sharp.
• Use AI coding agents (Claude Code, Cursor, Copilot, or similar) daily to accelerate security engineering work.
• Build automations and small services that turn manual security work into repeatable, code-defined workflows.
• Apply AI to scale Tier-1 triage, alert enrichment, IR draft communications, and detection content authoring.
• Help shape security guardrails for AI tooling and AI-related workloads as they emerge in our stack.
• Support SOC 2 Type I/II and similar audits: evidence collection, control mapping, and customer questionnaire response.
• Run third-party and vendor security assessments.
• Manage security awareness training and the anti-phishing program.
• Manage relationships and contracts with security vendors (MSSP, EDR, WAF, vulnerability management, etc.).
• Champion the DevSecOps mindset and foster a security-first culture across engineering teams.
• Be the go-to technical reviewer for new product surfaces, infrastructure designs, and data flows.
• Partner with Legal and Privacy on regulatory requirements, control implementation, and audit readiness.
• Mentor engineers on secure coding, threat modeling, and cloud security best practices.
Qualifications:
Required:
• Experience: 6+ years in cloud security, security operations, or infrastructure security, with hands-on production experience (not policy-only).
• AWS Depth: Strong working knowledge of AWS security: IAM, VPC, KMS, GuardDuty, Security Hub, CloudTrail, Config, and multi-account governance.
• Security Operations: Hands-on security incident response experience. You have led real investigations, written postmortems, and tuned detections in a SIEM/SOAR.
• Coding Ability: Comfortable scripting and building small services in Python, Go, or similar. You ship automation, not just tickets.
• AI-Enabled Workflow: Use AI coding agents (Claude Code, Cursor, Copilot) as part of your default workflow, not as an experiment.
• Frameworks: Working knowledge of NIST CSF, CIS Controls, OWASP Top 10, and MITRE ATT&CK.
• Experience implementing cloud-native detection and monitoring.
• Audit experience: SOC 2, ISO 27001, PCI, or similar.
• Hands-on experience with endpoint security, including EDR (e.g., CrowdStrike), local admin removal, and device management/hardening.
Preferred:
• Detection engineering and SOAR/automation experience at scale.
• IaC security: Terraform, CDK, or CloudFormation, plus CI/CD security gates and policy-as-code (OPA, Cedar).
• Container and Kubernetes (EKS) security.
• Multi-cloud exposure (GCP or Azure) in addition to AWS.
• Familiarity with AI/LLM security (OWASP LLM Top 10, MITRE ATLAS, NIST AI RMF). Useful but not required.
• Certifications: AWS Security Specialty, CISSP, CCSP, GCIH, GCIA, GCFA, or OSCP.
• Built custom MCP servers, agent frameworks, or in-house security tooling.
• Open-source contributions to cloud security or detection engineering tooling.
Company:
DISQO develops an audience insights platform designed to connect brands and people. Founded in 2015, the company is headquartered in Glendale, USA, with a team of 201-500 employees. The company is currently Growth Stage.