Security Site Reliability Engineer

Security Site Reliability Engineer

We are a fragrance company merging smart home technology and premium scents. We need a dedicated Security SRE to own the security posture of our AWS and GCP environments.

You’ll be the first dedicated Security SRE, reporting to the CISO. This high‑impact, high‑autonomy position involves hardening infrastructure, enforcing secure patterns in Terraform, oversight of patching, and incident response.

• Cloud infrastructure security across AWS and GCP – IAM policies, network segmentation, encryption, and compliance with CIS benchmarks.
• Hardening Terraform IaC – secure modules, policy‑as‑code enforcement, and preventing misconfigurations.
• Security oversight of patching – verifying coverage, flagging gaps, and ensuring critical vulnerabilities are remediated.
• Management of cloud‑native security tooling – Guard Duty, Security Hub, Cloud Armor, Config Rules.
• Support for Wazuh SIEM – extend log ingestion and tune detection rules.
• Collaboration with engineering teams to embed secure infrastructure patterns.
• ISO 27001 compliance support – maintaining evidence of controls.
• Incident response – containment, remediation, documentation, and improvement.

• 3+ years in SRE, Dev Ops, or Infrastructure Engineering with a security focus.
• Hands‑on AWS experience: IAM, VPC, EKS/ECS, Security Hub, Guard Duty, Cloud Trail, Config.
• Experience with GCP – depth not as critical as AWS.
• Advanced Terraform skills – building modules, not just applying.
• Experience with Kubernetes security: RBAC, network policies, pod security, and image scanning.
• Solid Linux systems administration and OS‑level hardening background.
• Programming experience in Go, Type Script, Python, or Bash for automation.
• Centralized logging experience – Wazuh, ELK, Datadog, or Grafana.

• Experience with Wazuh SIEM.
• Familiarity with policy‑as‑code frameworks (OPA, Sentinel, Checkov).
• Container security scanning (Trivy, Snyk, Aqua).
• Incident response background from an infrastructure perspective.
• IoT backend or high‑volume device API security experience.
• ISO 27001 or similar compliance frameworks knowledge.
• Relevant certifications (AWS Security Specialty, CKS).

• Automation‑oriented: prefer automated over manual processes.
• Think in terms of blast radius and defense in depth.
• Can explain infrastructure security concepts to developers without condescension.
• Comfortable building the first playbook in an unknown role.
• Stay current on cloud security threats and vulnerability disclosures.
• Excited to grow – the role offers a clear path to senior level.

Pura provides equal employment opportunities to all employees and applicants and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws.

All candidates are subject to a background check.