Security Engineer

Job not on LinkedIn

🔥 0 minutes ago

Apply Now

Find Similar Remote Jobs

Receive Emails For Remote Jobs

📊 Check your resume score for this job

Improve your chances of getting an interview by checking your resume score before you apply.

Upload Resume

Flox

WebsiteLinkedInAll Job Openings

11 - 50 employees

☁️ SaaS

⚡ Productivity

Software • SaaS • Productivity

Flox is an integrated software platform designed for teams to effectively manage software and its dependencies throughout the entire software lifecycle. It simplifies the onboarding process for new projects, allowing developers to quickly set up their environments with minimal complexity. Flox environments are flexible and can be easily composed, synchronized, and shared, ensuring consistent performance across various architectures and operating systems. The tool aims to address common issues in development, such as the notorious 'it works on my machine' problem, providing a reliable and efficient solution for managing software development environments.

📋 Description

• Help evaluate whether to stand up an internal SIEM or work with an outsourced SOC provider—then implement whichever path makes sense for where we are as a company. • Build incident response runbooks and triage workflows—then actually test them (e.g. test backups in case needed for ransomware recovery) • Be the person who sees something and does something about it • Scan and harden our AWS posture hands-on: IAM policies, SCPs, security group hygiene, GuardDuty, Security Hub, and automated compliance guardrails need to be evaluated and maintained • Own Cloudflare configuration across WAF rules, DDoS protection, bot management, Zero Trust access, and DLP policies—keeping rules current and tuned as the product evolves • Implement IaC security scanning (Checkov, tfsec, or similar) directly into CI/CD pipelines • Deploy and manage endpoint protection across developer systems and production endpoints—covering EDR, device posture, behavior monitoring (including dynamic scans), DLP, and threat detection • Ensure developer machines (Mac-heavy environment typical of engineering teams) meet baseline security standards while minimizing friction that slows people down. • Define and enforce endpoint compliance policies, including disk encryption, patch posture, and application controls • Secure our build and release pipelines • Consider SLSA framework adoption and supply chain integrity attestations for our catalog and environments • Stand up dependency vulnerability scanning and own the remediation workflow end-to-end for third-party services, libraries, middleware, operating systems, and SaaS • Integrate SAST and SCA tooling (Semgrep, Snyk, GitHub Advanced Security) into developer workflows • Participate in security design reviews and threat modeling for new features • Work shoulder-to-shoulder with developers to find and fix vulnerabilities using a risk-based model instead of just vulnerability aging reports • Audit and rationalize IAM across AWS, Cloudflare, SaaS applications, and internal tooling; implement the fixes, not just the findings • Drive SSO consolidation, enforce MFA universally, and implement least-privilege access in practice, not just policy • Build a lightweight, repeatable access review process—something that actually runs on a cadence and produces real decisions • Own joiner/mover/leaver processes so that entitlements stay clean as the team grows • Evaluate and implement an appropriate identity governance solution for our stage—not an enterprise IGA platform, but something that gives us control and auditability

🎯 Requirements

• 3–5 years of hands-on security engineering experience, ideally at a software company or cloud-native environment • A demonstrable track record of implementing security tools and controls, not just scoping or recommending them • Solid working knowledge of AWS security services: IAM, SCPs, GuardDuty, Security Hub, CloudTrail, and related tooling • Hands-on experience with Cloudflare—WAF rule management, Zero Trust, DLP, or similar; comfort learning what you haven’t used yet • Experience deploying and managing endpoint protection (EDR/MDM) across a mixed developer and production environment • Familiarity with software supply chain concepts: SBOMs, dependency management, artifact signing, SLSA • Experience integrating SAST, SCA, or DAST tools into CI/CD pipelines • Comfort with scripting or light automation (Python, Bash, or similar) to build repeatable processes • Ability to work independently, ruthlessly prioritize, and operate without a playbook • The kind of person who is bothered when something is insecure and doesn’t wait for someone else to fix it.

🏖️ Benefits

• Competitive salary • Meaningful equity in a well-funded company • Flexible hybrid environment