×
Apply for Jobs Apply for Jobs Post a Job Post a Job Local Jobs Home
Register Here to Apply for Jobs or Post Jobs. X
More jobs:
Cybersecurity Systems Engineer Security Manager Cloud Computing

Member of Technical Staff, Security​/DevSecOps

Job in San Francisco, San Francisco County, California, 94199, USA
Listing for: Envoy
Full Time position
Listed on 2025-12-01
Job specializations:
  • IT/Tech
    Cybersecurity, Systems Engineer, Security Manager, Cloud Computing
Job Description & How to Apply Below

Member of Technical Staff, Security/Dev Sec Ops

This range is provided by Envoy. Your actual pay will be based on your skills and experience — talk with your recruiter to learn more.

Base pay range

$/yr - $/yr

Envoy builds workspace management technology that makes it simple to run secure, compliant, and connected workplaces across every location. Over 16,000 workplaces and properties around the world rely on Envoy to create great experiences for employees and visitors while meeting safety, security, and compliance needs m corporate headquarters and labs to manufacturing sites, Envoy powers the places where people work best together.

Learn more at

About

The Role

Envoy’s engineering organization is scaling rapidly in the cloud. We are looking for an experienced Cloud Security / Dev Sec Ops  Engineer to harden our AWS environments, embed security into our CI/CD pipelines, and champion secure-by-default infrastructure practices.

We are looking for exceptional engineers to join our growing team  love to drive innovation in the workplace through hack projects.

This onsite position requires 4 days a week (Monday-Thursday) in our San Francisco HQ office.

You will
  • Design, implement, and continuously improve security controls in AWS, including IAM policies, VPC network segmentation, Security Groups, and secure service configuration (e.g., S3, RDS, Lambda).
  • Own WAF management (Cloudflare WAF) — authoring rules, tuning managed rulesets, and monitoring attacks.
  • Integrate automated security guardrails into CI/CD pipelines (Git Hub Actions) for IaC, container images, and serverless deployments.
  • Implement and enforce Infrastructure‑as‑Code (IaC) security scanning using tools such as tfsec, Trivy, Checkov, or Terrascan, with gating for critical findings.
  • Lead container and orchestration security for Docker and Kubernetes/EKS, including image scanning, admission controls, runtime monitoring (Falco), and benchmark enforcement (kube‑bench).
  • Establish and operate secrets‑management best practices using tools like Hashi Corp Vault, AWS Secrets Manager, or SOPS, ensuring least‑privilege access.
  • Deploy, tune, and maintain AWS security services — Guard Duty, Security Hub, Config, Cloud Trail, IAM Access Analyzer — for continuous detection and compliance.
  • Conduct cloud threat modeling and risk assessments (STRIDE, AWS Well‑Architected Framework) to identify gaps and prioritize mitigations.
  • Automate security compliance reporting against frameworks such as CIS Benchmarks and NIST 800‑53 using IaC and policy‑as‑code (e.g., Open Policy Agent).
  • Collaborate with infrastructure and product engineering teams to embed security early and unblock delivery velocity.
You are
  • Autonomous and highly organized, thriving in a fast‑moving environment.
  • Passionate about enabling secure cloud engineering without blocking developer velocity.
  • Intellectually curious, always experimenting with new cloud security tooling and best practices.
  • A clear, concise communicator who can translate complex security topics for diverse stakeholders.
You have
  • Hands‑on expertise securing AWS workloads, multi‑account architectures, and VPC design.
  • Deep knowledge of IAM policy design, role‑based access control, and least‑privilege enforcement.
  • Proficiency with Terraform or Cloud Formation and experience implementing IaC security scans in CI/CD.
  • Demonstrated experience managing WAF solutions and mitigating web‑layer attacks (OWASP Top 10, bot mitigation).
  • Experience hardening container images and Kubernetes/EKS clusters, plus familiarity with container runtime security.
  • Strong scripting skills in Python, Go, or similar for automation and tooling integration.
  • Experience performing cloud security risk assessments and threat modeling for new services.
  • Familiarity with AWS security tooling (Guard Duty, Config, Security Hub, Macie, Access Analyzer).
  • Excellent written and verbal communication skills and the ability to educate engineers on secure practices.
  • Preferred certifications: AWS Certified Security – Specialty, CISSP, GIAC Cloud Security Automation (GCSA).
You’ll get
  • A high degree of trust in your ideas and execution
  • An opportunity to partner and collaborate with other talented people
  • An…
To View & Apply for jobs on this site that accept applications from your location or country, tap the button below to make a Search.
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).
 
 
 
Search for further Jobs Here:
(Try combinations for better Results! Or enter less keywords for broader Results)
Location
Increase/decrease your Search Radius (miles)

Job Posting Language
Employment Category
Education (minimum level)
Filters
Education Level
Experience Level (years)
Posted in last:
Salary
Advanced Search