Hex, a data platform company that provides powerful, collaborative analytics workflows, is seeking an experienced Cloud Security Engineer. You will be responsible for ensuring the security and resilience of the platform’s cloud infrastructure and providing leadership in cloud security practices, especially regarding their RCE-as-a-Service platform.

This is a full-time position available in San Francisco (SF), New York City (NYC), or Remote (USA). The salary range for this role is $180,000 – $220,000.

Core Responsibilities and Container Security Mandate

This role requires close collaboration with infrastructure and engineering teams to embed security controls into cloud-native applications, focusing heavily on securing Kubernetes deployments and maintaining infrastructure-as-code standards.

• Security Design and Isolation: Design, implement, and manage security solutions and controls for AWS environments and Kubernetes clusters, including appropriate isolation/sandboxing methods for Hex’s RCE-as-a-Service platform.
• IaC and Enforcement: Build, deploy, and maintain infrastructure-as-code using Terraform, ensuring robust security standards are enforced throughout.
• Assessment and Audits: Conduct security assessments, threat modeling, and audits on AWS cloud infrastructure and Kubernetes deployments.
• DevSecOps Integration: Collaborate with development and operations teams to embed security best practices into CI/CD pipelines (Secure Software Development Lifecycle).
• Compliance Expertise: Provide expertise in compliance requirements related to cloud security, including SOC 2, ISO 27001, GDPR, HIPAA, and PCI DSS.
• Incident Response: Monitor and respond to cloud security incidents, identifying root causes and recommending remediation actions.
• Mentorship: Mentor engineers and advocate for cloud security across the organization.

Required Experience and Technical Qualifications

The ideal candidate has extensive expertise in AWS and demonstrable proficiency in Kubernetes security, combining infrastructure experience with deep security knowledge.

• Experience (Required):
  • 5+ years of experience in cloud security engineering, with extensive expertise in AWS.
  • Expert-level knowledge and hands-on experience with Terraform.
• Kubernetes Security Proficiency: Demonstrated proficiency with Kubernetes security, including cluster hardening, Role-Based Access Control (RBAC), network policies, and container vulnerability management.
• Security Tooling Familiarity:
  • Familiarity with AWS security services (e.g., IAM, GuardDuty, Security Hub, CloudTrail, WAF).
  • Familiarity with CNAPP solutions such as Wiz.
  • Familiarity with SIEM solutions such as Panther.
• Methodology: Solid understanding of secure software development lifecycle practices, CI/CD security, and DevSecOps methodologies.
• Preferred Certifications (Highly Desirable):
  • AWS Certified Security – Specialty
  • Certified Kubernetes Security Specialist (CKS)
  • Terraform Associate certification
  • Security certifications from SANS or OffSec.