Senior Infrastructure Security Engineer

Our Client is seeking a Senior Infrastructure Security Engineer to join our fast-moving Security team. In this role, you will focus on securing our cloud infrastructure and assisting in the detection and incident response efforts across our AWS and GCP environments. We work on a range of interesting and challenging problems – from supporting thousands of concurrent shoppers and processing millions of data points in real time, to determining the best routes for deliveries and predicting store inventory levels. Protecting our customers', shoppers', and partners' data while providing a secure and seamless platform to shop is critical to our mission.

As a key member of the Security team, you will contribute to our client security posture and engineering culture. This is a great opportunity for someone who wants to take ownership of security initiatives and grow their career in a cross-functional environment. Our platform is complex, rapidly scaling, and processes millions of transactions in real-time. We value engineers who can work independently with minimal guidance, collaborate with stakeholders across the organization, and proactively drive security improvements. If you are passionate about building robust security systems, automating threat detection and response, and working across teams to solve challenging infrastructure security problems, we want to hear from you

• Secure Cloud Infrastructure: Design, implement, and maintain security controls for our AWS and GCP environments to protect our cloud infrastructure.
• Threat Detection & Incident Response: Build, deploy, and maintain tools to improve threat detection, logging, and incident response capabilities. This includes deploying centralized log aggregation and detection systems (e.g. our in-house SIEM, AWS GuardDuty, Datadog, Sentry) to monitor for suspicious activity and quickly triage security events.
• On-Call and Response Readiness: Participate in on-call rotation as part of our Detection & Response strategy, ensuring that critical security incidents are addressed promptly and effectively.
• Detection & Remediation Controls: Design and implement automated detection rules and remediation workflows around our cloud infrastructure. Leverage tools like Wiz (cloud security posture management) and custom scripts to continuously scan for misconfigurations or threats, and implement guardrails that enforce security best practices.
• Identity and Access Management: Create, review, and maintain fine-grained RBAC policies across AWS, GCP, and Kubernetes, following the principle of least privilege. Use and evaluate tools such as ConductorOne or AWS IAM Access Analyzer to manage identities and permissions at scale.
• Security Tooling & Automation: Evaluate, recommend, and integrate new infrastructure security tools and technologies to strengthen our security posture. Wherever possible, automate repetitive security processes (for example, using Terraform for security infrastructure as code or scripting responses to common threats) so that the team can focus on new challenges.
• Cross-Functional Collaboration: Work closely with cross-functional teams like ProdSec, Detection and Response, to ensure security is built into system and application architectures from the start. Provide consulting and advisory services to other teams to help design and review systems with security in mind, and drive adoption of security best practices across the organization.
• Abuse and Vulnerability Management: Proactively monitor for abuse or anomalous activities in our platform and collaborate with teams to mitigate fraud or abuse cases. Assist with vulnerability management efforts by working with developers to triage and remediate infrastructure-layer vulnerabilities, ensuring our systems remain resilient against real-world threats.

• 7+ years of experience in Infrastructure Security, Security Engineering, or related fields (or equivalent hands-on experience), with a track record of improving security in cloud environments.
• Programming and Automation Skills: Proficiency in at least one programming or scripting language (e.g. Python or Go), and experience automating tasks or building tools to solve security problems. You can read and write code to integrate with APIs, process logs, or build internal tools as needed.
• Cloud & DevOps Expertise: Strong experience with cloud infrastructure (GCP required; AWS highly preferred) and infrastructure-as-code or DevOps tools. Hands-on knowledge of Terraform for provisioning cloud resources, and experience with containerization and orchestration (Docker and Kubernetes).
• Holistic Architecture Understanding: Ability to understand complex application and system architectures holistically and identify potential security weaknesses. You are comfortable reviewing system designs, data flows, and integrations to spot risks and propose safeguards.
• Threat Detection & Response Experience: Practical experience identifying, analyzing, and responding to real-world security threats in a production environment. You know how to quickly scope an incident, contain its impact, eradicate the root cause, and follow up with lessons learned.
• Automation Mindset: A strong desire to automate repetitive tasks and current challenges. You continually look for ways to build scalable solutions (scripts, tools, frameworks) that eliminate manual work and reduce the likelihood of human error, allowing the team to focus on the next set of security challenges.
• Communication & Collaboration: Excellent communication and interpersonal skills. You can work independently with minimal supervision, yet also enjoy collaborating with others. You're able to effectively partner with engineers, stakeholders, and leadership across the company – translating security findings into actionable recommendations and navigating trade-offs between security and business needs.

• Compliance Knowledge: Familiarity with security compliance standards and data privacy regulations such as GDPR, CCPA, SOC 2, etc. Experience implementing or maintaining controls to meet these compliance requirements is a plus.
• Application Security Experience: Experience triaging and resolving security vulnerabilities at the application layer. This could include working with development teams to fix OWASP Top 10 issues, performing secure code reviews, or using tools like SAST/DAST scanners to improve application security.
• Ephemeral & Scalable Environments: Experience securing highly ephemeral or dynamic cloud environments (such as auto-scaling groups, serverless architectures, or CI/CD pipelines). You understand the unique security challenges in environments where infrastructure comes and goes frequently, and how to design controls that keep up with that pace.
• Security Tools & Platforms: Hands-on experience with modern security monitoring and incident response tools. For example, familiarity with Wiz or similar cloud security posture management platforms, using Datadog or Sentry for monitoring and alerting, leveraging AWS GuardDuty or other threat detection services, and knowledge of identity governance solutions like ConductorOne. Experience integrating or tuning these tools in a production environment is a bonus.

• Mid-Senior level

• Contract

• Information Technology

• Consumer Services