
Website ButterflyMX
Description
Job Title: Cloud Security Engineer
As our Cloud Security Engineer at ButterflyMX, you’ll be a leader wearing multiple “security hats” to ensure the resilience, safety, confidentiality, availability & integrity of our cloud, IoT, mobile, web-based solutions & data throughout the environment. This role will report directly into our VP of Information Security & Privacy.
Responsibilities:
- Design, implement, mature & maintain our robust security controls & processes across our technology stack to protect sensitive data & systems
- Lead cloud security engineering & associated vulnerability remediation efforts to improve the security posture & resiliency of ButterflyMX – prioritizing issues, implementing mitigations, & designing strategic preventative controls
- Extend our detection & response capabilities – building scalable solutions to identify malicious activity, triage alerts, & investigate & remediate incidents
- Drive security incident response efforts, including containment, investigation, recovery, post-incident analysis, lessons learned & ensuring remediation
- Ensure security controls are implemented to enable compliance with industry standards, regulations, frameworks, & best practices (e.g., SOC2, ISO, NIST, CIS, GDPR, CCPA)
- Evaluate, analyze & implement new security technologies & solutions to enhance the organization’s security posture
- Stay up-to-date with the latest security threats, technologies, & trends to proactively protect our systems
- Develop & conduct regular security awareness training & security education programs for employees
- Serve as a point of contact for customers & partners regarding security-related inquiries.
- Foster a culture of security awareness & accountability throughout the organization.
Requirements
- 5+ years of security engineering experience building, managing & scaling security operations at a fast-paced, agile/dynamic, cloud native, technology-driven startup
- You enjoy working as a security engineer in organizations that develop software as a service &/or operate managed infrastructure & technology services for their own customers
- This role will wear multiple hats, including Security Engineer, SOC Analyst, GRC Analyst, & Privacy Analyst while the team is building out. You should be flexible, a go-getter & a self-starter to be successful in this role.
- Experience securing a tech stack/solution that includes SaaS, Mobile, & IoT
- Experience working with cross-functional teams to identify & mitigate security, compliance & data privacy risks
- Proficiency with deploying, operationalizing & managing security solutions in a remote first organization, with a cloud tech stack built for providing SaaS.
- AWS Security SME – experiential knowledge of securing EC2, S3, Lambda, EKS
- AWS Security Stack Experience – WAF, Inspector, Security Hub, GuardDuty, etc.
- Security Overlay Solutions: EDR, SIEM, CNAPP/CSPM, DSPM, DLP, IDS/IPS
- Google Workspace, Apple, Windows, MDM, Secure Email Gateway
- Extensive experience & expertise across multiple security domains including cloud security, data security, network security, application security, incident management, threat/vulnerability/patch/configuration management, identity & access management
- Strong understanding of security best practices, frameworks, standards, & compliance requirements, & particularly how these apply across environments from startup through enterprise. Experience maturing security controls as an organization matures.
- Experience maintaining SOC 2 Type II compliance & associated security controls within an organization
- Demonstrated technical expertise in implementing data privacy controls & safeguards to include facilitating the deployment of technical measures to ensure compliance with data privacy regulations such as GDPR & CCPA
- Experience automating security controls. Proven technical proficiency using Terraform & other infrastructure as code tools, with a strong track record of managing vulnerabilities in ephemeral cloud infrastructure environments.
- Incident response management: Experience in developing & implementing incident response plans, conducting investigations, & managing security incidents effectively
- Demonstrated ability to educate an engineering audience about technical application security vulnerabilities, i.e., OWASP Top Ten, OWASP API Security Top 10
- Adept in a data-driven approach for decision-making & a risk-based mindset to prioritize & address security concerns effectively.
- Customer focused & Solution oriented, Enthusiastic, Empathetic, Adaptable/Flexible, Bias for Action, Forward thinking, Optimistic, Trusted Advisor
- Everyone is a customer & everyone is on the security team
- A strong inclination to dive into the details, actively engaging in hands-on work.
- Continuous improvement mindset. Pursues ongoing professional development, stays updated with emerging threats & technologies.
- Industry certifications such as AWS Security Certified, CISSP, CCSP, CSSLP, GXPEN, OSCP, SANS Certifications, Burp Suite Certified, Security+, CEH, CIPP, CIPT
Benefits
- Comprehensive Medical (ButterflyMX covers 90% of the cost), Dental, and Vision plans (ButterflyMX covers 100% of the cost) starting day 1
- 401(k) plan with a match
- 13 paid holidays, 25 PTO days
- Paid Family Leave
- Employee Assistance Program
- Quarterly self-care stipends
- Access to optional benefits including pre-tax flexible healthcare spending accounts (FSA and HSA), Dependent Care FSA, and Commuter Benefits, as well as optional Supplemental Life, AD&D, Hospital Indemnity, Disability, Legal, Accident, Critical Illness, Pet, and Personal Liability Insurance
- And more!
To apply for this job please visit apply.workable.com.