About the Role:
CloudZero is seeking our first Senior Application Security Engineer. In this pivotal role, you will shape the security framework of our market-leading cloud cost intelligence platform, addressing some of the most critical challenges cloud-driven businesses face today. You will establish and champion best-in-class security practices, ensuring our platform remains resilient and our customers’ sensitive data is always safeguarded.
Collaborating closely with our engineering teams, you will design and implement secure development processes, identify and address vulnerabilities, and foster a security-first mindset throughout our product lifecycle. This is a unique opportunity to make a foundational impact on the security of an innovative, fast-growing company by building scalable, proactive solutions that protect both our platform and the customers who trust us.
Responsibilities:
- Develop and Lead Security Programs:
  - Build and lead our application security program, aligning security initiatives with business and engineering priorities.
  - Champion and drive a Security Champions Program to empower developers and cultivate a security-first culture across the organization.
- Integrate Security into Development:
  - Promote and implement processes that make security a shared responsibility, integrating it seamlessly into our development lifecycle.
  - Equip developers with the tools and guidance to make secure choices easy, scalable, and effective.
- Collaborate Across Teams:
  - Partner with Engineering and the broader Security organization to embed security into development and deployment processes.
  - Work closely with Engineering and SecOps teams to secure our AWS-based infrastructure, ensuring adherence to best practices for identity management, logging, and secure configurations.
  - Collaborate with Security and Operations teams to align on broader security initiatives and enhance overall resilience.
- Security Assessments and Risk Mitigation:
  - Conduct security assessments, code reviews, threat modeling, and penetration testing to identify and mitigate risks early.
  - Manage and optimize application security tooling, including static (SAST) and dynamic (DAST) analysis tools and CI/CD integrations.
- Automation and Innovation:
  - Explore and implement security automation to improve efficiency and coverage, utilizing your Python expertise to build scalable tools and workflows.
  - Stay ahead of emerging threats, trends, and technologies to keep our applications, APIs, and cloud environments secure.
- Incident Response:
  - Participate in our incident response team on-call rotation to address and resolve security incidents promptly.