Security Engineer - Cloud Application Security (QB - CloudSE - 20250919)

We are building an Agile Security Operations team where you’ll own the design and implementation of core application and cloud security controls. This role offers an exciting opportunity for a security engineer who wants to take ownership of secure development practices, vulnerability management, and cloud posture hardening—bridging the gap between product engineering and security operations.
You’ll be hands-on with code reviews, automated scanning, container and serverless security, and partner closely with developers and DevOps to reduce risk in real systems.
This isn’t a policy-only role—it’s for someone who builds, automates, and drives security into the fabric of our applications and cloud infrastructure.

What You'Ll Own

• Application Security
• Implement and enhance secure code review practices with tools like SonarQube and Semgrep
• Automate SAST/DAST scanning in CI/CD pipelines for services, APIs, and containers
• Manage open-source library risk: SBOM generation, dependency scanning, CVE and license tracking
• Partner with developers to remediate findings and embed security into code review and release workflows
• Support penetration testing efforts and coordinate remediation of web, API, and business logic vulnerabilities
• AWS Cloud Security
• Work with our Cloud Security Posture Management solution to improve security controls across our AWS environment, including ECS/ECS-Anywhere workloads.
• Own the configuration and optimization of AWS security services (GuardDuty, Security Hub, Config, CloudTrail)
• Take ownership of encryption strategies using AWS KMS, certificate management, and secrets management
• Container & Serverless Security
• Secure our ECS and ECS-Anywhere container deployments with runtime protection and monitoring
• Implement container image scanning and vulnerability management workflows
• Design security frameworks for Lambda functions and serverless architectures
• Build security automation for container and function lifecycle management
• AI & Emerging Technology Security
• Contribute to the development and security of Qu’s AI infrastructure, including AWS Bedrock, Lambda, agentic frameworks, and Model Context Protocol (MCPs)
• Implement prompt hardening, secrets protection, and access controls for AI-powered services
• Develop security monitoring and response strategies for AI agents and workloads
• Research and integrate best practices for AI model security, data protection, and compliance
• Compliance & Governance
• Ensure application and cloud environments meet SOC 2, PCI, and ISO compliance requirements
• Implement automated compliance monitoring, drift detection, and reporting
• Design and maintain security baselines and configuration standards
• Create compliance evidence collection workflows aligned to developer pipelines

What You Bring

• AWS & Cloud Security Expertise
• Experience securing containerized applications (ECS, Docker) and serverless workloads (Lambda) in AWS
• 2+ years of hands-on AWS security experience with demonstrated expertise in services like GuardDuty, Security Hub, Config, and CloudTrail
• AWS Security Specialty, Solutions Architect Professional, or equivalent certification (or readiness to earn certification)
• Application Security Expertise
• Experience working in SaaS.
• Strong knowledge of secure development practices and code review processes
• Hands-on experience with SAST/DAST tools (e.g., SonarQube, Sentry, WIZ, Tenable Vulnerability Management, Snyk, Chainguard, Upwind, Orca)
• Experience with dependency and container image scanning (Trivy, Grype) and SBOM generation
• Familiarity with penetration testing for web apps, APIs, and business logic vulnerabilities
• AI & Emerging Technology Security
• Experience (or strong interest) in securing AI services such as AWS Bedrock, agentic frameworks, or Model Context Protocol (MCPs)
• Understanding of prompt injection risks, model misuse, and secure integration of AI/LLM agents
• Ability to design controls for AI data protection, secrets management, and monitoring AI-driven workloads
• Technical Leadership & Automation
• Proven track record of designing and implementing security architecture from scratch
• Experience with Infrastructure as Code (CloudFormation, Terraform) for security automation
• Proficiency in scripting (Python, PowerShell, or similar) to build automations and incident response workflows
• Strong knowledge of runtime protection and continuous monitoring for containers and cloud services
• Ownership & Innovation
• History of building security controls that scale with rapid business growth and technical debt
• Ability to work independently while collaborating effectively with DevOps and product engineering teams
• Strong problem-solving mindset with bias for action and continuous improvement
• Customer-focused approach to balancing business needs, compliance, and security requirements