Responsibilities
Security Ownership: Drive software engineering security hygiene end-to-end, from identifying vulnerabilities and misconfigurations to implementing durable fixes across our platform. This includes AWS, Kubernetes, CDN/WAF, and other technologies used in the PDLC
Cross-Functional Collaboration: Work hand-in-hand with DevOps and Engineering teams to embed security best practices into everyday workflows, without slowing down velocity
Continuous Learning: Stay current on evolving cloud security threats, tooling, and best practices, ensuring Raya's infrastructure stays ahead of emerging risks
Findings Remediation: Triage, prioritize, and systematically close out security findings, translating scanner output into practical, actionable engineering fixes
Operational Excellence: Expand and maintain security checks and guardrails in CI/CD pipelines and the broader PDLC, so security becomes a natural part of how we ship, not an afterthought
Qualifications
Strong hands-on experience with AWS and Kubernetes/EKS, comfortable navigating cloud infrastructure and container environments from day one
Solid foundation in security fundamentals: vulnerability management, IAM, network security, and cloud security posture management
Experience triaging and remediating security findings from vulnerability scanners or cloud security tools
Familiarity with CI/CD pipelines and integrating security practices into the software development lifecycle
Strong communication skills, able to work effectively with both DevOps and Security stakeholders and translate technical risk into clear priorities
Experience with Infrastructure-as-Code (e.g., Terraform/OpenTofu), compliance frameworks, or container security tooling
What Sets You Apart
Bridge Builder: You naturally sit at the intersection of DevOps and Security, translating between the two and earning trust from both sides
Impact-driven: You prioritize the fixes and improvements that meaningfully reduce risk, rather than chasing every alert
Growth-oriented: You possess a perpetual learner's mindset, staying curious about new threats, tools, and cloud-native security practices
Ownership mentality: You take findings from discovery to resolution without needing to be chased, and you build systems so problems don't recur
Productivity-obsessed: You value tools, workflows, and automation that make security scalable rather than manual
Bias toward shipping and iteration: You're able to harden systems incrementally, learn, and refine in short cycles rather than waiting for a "perfect" fix
Skills Required
- Hands-on experience with AWS and Kubernetes/EKS
- Foundation in security fundamentals (vulnerability management, IAM, network and cloud security)
- Experience triaging and remediating security findings from scanners or cloud security tools
- Familiarity with CI/CD pipelines and integrating security into the SDLC
- Experience with Infrastructure-as-Code (e.g., Terraform or OpenTofu), compliance frameworks, or container security tooling
- Strong communication skills to work with DevOps and Security stakeholders
What We Do
Raya is a private community that fosters quality, real-world connection. We believe that value-driven communities create a strong sense of belonging, inspiring more learning, sharing, and compassion.
Why Work With Us
We’re a mission-driven team that cares deeply about working together to change the digital landscape. Everyone here is encouraged to learn and participate in professional development opportunities - and have some fun too. We regularly have team events, including karaoke, game nights, and hot pot dinners to get to know each other better.
Gallery









