Security Engineer - Cloud Application Security (QB - CloudSE - 20250919)

Celara / Contract / Remote
We are building an Agile Security Operations team where you’ll own the design and implementation of core application and cloud security controls.
This role offers an exciting opportunity for a security engineer who wants to take ownership of secure development practices, vulnerability management, and cloud posture hardening—bridging the gap between product engineering and security operations.

You’ll be hands-on with code reviews, automated scanning, container and serverless security, and partner closely with developers and DevOps to reduce risk in real systems.

This isn’t a policy-only role—it’s for someone who builds, automates, and drives security into the fabric of our applications and cloud infrastructure.

What You'll Own

    • Application Security
        • Implement and enhance secure code review practices with tools like SonarQube and Semgrep
        • Automate SAST/DAST scanning in CI/CD pipelines for services, APIs, and containers
        • Manage open-source library risk: SBOM generation, dependency scanning, CVE and license tracking
        • Partner with developers to remediate findings and embed security into code review and release workflows
        • Support penetration testing efforts and coordinate remediation of web, API, and business logic vulnerabilities
    • AWS Cloud Security
        • Work with our Cloud Security Posture Management solution to improve security controls across our AWS environment, including ECS/ECS-Anywhere workloads
        • Own the configuration and optimization of AWS security services (GuardDuty, Security Hub, Config, CloudTrail)
        • Take ownership of encryption strategies using AWS KMS, certificate management, and secrets management
    • Container & Serverless Security
        • Secure our ECS and ECS-Anywhere container deployments with runtime protection and monitoring
        • Implement container image scanning and vulnerability management workflows
        • Design security frameworks for Lambda functions and serverless architectures
        • Build security automation for container and function lifecycle management
    • AI & Emerging Technology Security
        • Contribute to the development and security of Qu’s AI infrastructure, including AWS Bedrock, Lambda, agentic frameworks, and Model Context Protocol (MCPs)
        • Implement prompt hardening, secrets protection, and access controls for AI-powered services
        • Develop security monitoring and response strategies for AI agents and workloads
        • Research and integrate best practices for AI model security, data protection, and compliance
    • Compliance & Governance
        • Ensure application and cloud environments meet SOC 2, PCI, and ISO compliance requirements
        • Implement automated compliance monitoring, drift detection, and reporting
        • Design and maintain security baselines and configuration standards
        • Create compliance evidence collection workflows aligned to developer pipelines

What You Bring

    • AWS & Cloud Security Expertise
        • Experience securing containerized applications (ECS, Docker) and serverless workloads (Lambda) in AWS
        • 2+ years of hands-on AWS security experience with demonstrated expertise in services like GuardDuty, Security Hub, Config, and CloudTrail
        • AWS Security Specialty, Solutions Architect Professional, or equivalent certification (or readiness to earn certification)
    • Application Security Expertise
        • Experience working in SaaS
        • Strong knowledge of secure development practices and code review processes
        • Hands-on experience with SAST/DAST tools (e.g., SonarQube, Sentry, WIZ, Tenable Vulnerability Management, Snyk, Chainguard, Upwind, Orca)
        • Experience with dependency and container image scanning (Trivy, Grype) and SBOM generation
        • Familiarity with penetration testing for web apps, APIs, and business logic vulnerabilities
    • AI & Emerging Technology Security
        • Experience (or strong interest) in securing AI services such as AWS Bedrock, agentic frameworks, or Model Context Protocol (MCPs)
        • Understanding of prompt injection risks, model misuse, and secure integration of AI/LLM agents
        • Ability to design controls for AI data protection, secrets management, and monitoring AI-driven workloads
    • Technical Leadership & Automation
        • Proven track record of designing and implementing security architecture from scratch
        • Experience with Infrastructure as Code (CloudFormation, Terraform) for security automation
        • Proficiency in scripting (Python, PowerShell, or similar) to build automations and incident response workflows
        • Strong knowledge of runtime protection and continuous monitoring for containers and cloud services
    • Ownership & Innovation
        • History of building security controls that scale with rapid business growth and technical debt
        • Ability to work independently while collaborating effectively with DevOps and product engineering teams
        • Strong problem-solving mindset with bias for action and continuous improvement
        • Customer-focused approach to balancing business needs, compliance, and security requirements