Infrastructure Security Engineer II

At Commerce, our mission is to empower businesses to innovate, grow, and thrive with our open, AI-driven commerce ecosystem. As the parent company of BigCommerce, Feedonomics, and Makeswift, we connect the tools and systems that power growth, enabling businesses to unlock the full potential of their data, deliver seamless and personalized experiences across every channel, and adapt swiftly to an ever-changing market. Simply said, we help businesses confidently solve complex commerce challenges so they can build smarter, adapt faster, and grow on their own terms. If you want to be part of a team of bold builders, sharp thinkers, and technical trailblazers, working together to shape the future of commerce, this is the place for you.

Commerce is looking for an Infrastructure Security Engineer II to help secure the cloud platforms and engineering systems that power our products and internal services. This is a hands-on role with meaningful influence across cloud, platform, and security engineering.

In this role, you will work closely with engineering, platform, and security teams to strengthen the security of our cloud environments, infrastructure as code, containerized workloads, identity patterns, and operational tooling. You will help teams make sound security decisions, build practical guardrails, and improve our ability to detect and respond to risk. We are looking for someone who understands infrastructure security in practice and can partner effectively with others to improve it. The right person is comfortable using modern tools, including AI-assisted workflows, to work efficiently, deepen analysis, and scale their impact across teams.

• Partner with engineering and platform teams to review and improve the security of cloud infrastructure, platform services, and deployment patterns

• Review infrastructure designs and infrastructure as code with a focus on identity, network exposure, secrets handling, logging, and resilience

• Help build and maintain security guardrails, detections, and automation across our cloud and platform environments

• Contribute to the security of containerized workloads, CI/CD systems, and cloud-native services

• Support incident response and security investigations involving infrastructure, cloud platforms, identities, and engineering systems

• Identify opportunities to reduce risk through better defaults, automation, hardening, and architectural improvements

• Help improve security visibility through logs, detections, telemetry, and threat-informed analysis

• Collaborate with stakeholders across engineering and security to prioritize and remediate infrastructure security findings

• Contribute to internal security tools, processes, and standards that scale with the organization

• Advocate for practical, durable security improvements that protect Commerce, our merchants, and their shoppers
   

• 3+ years of experience in infrastructure security, cloud security, security engineering, platform security, SRE, or a closely related field

• Experience working in one or more public cloud environments such as AWS or GCP

• Experience working in regulated environments and partnering with GRC teams to implement security controls that support compliance requirements

• Familiarity with infrastructure as code concepts and tools such as Terraform

• Experience with cloud logging, SIEM, detection engineering, or threat detection in cloud environments

• Working knowledge of infrastructure and platform security concepts such as IAM, network segmentation, secrets management, logging, vulnerability management, and secure service configuration

• Experience reviewing technical designs and partnering with engineers to improve security outcomes

• Experience supporting or collaborating on incident response, investigations, or security operations related to infrastructure and cloud systems

• Comfortable writing code or scripts to automate tasks, analyze data, or build internal tooling in Python, Go, Bash, or similar languages

• Able to explain technical risks and tradeoffs clearly to engineers and stakeholders

• Strong judgment, curiosity, and a practical approach to solving security problems
   

• Familiarity with cloud posture management, runtime security, or policy-as-code tooling

• Experience with CI/CD security, secrets management, or software supply chain security

• Experience using AI-enabled tools to improve efficiency, automate repetitive work, or accelerate analysis in engineering or security workflows

• Security or cloud certifications are welcome, but not required

#LI-KE1

#LIHYBRID

(Pay Transparency Range: $75,559 - $127,784.00)

At Commerce, we believe that celebrating the unique histories, perspectives and abilities of every employee makes a difference for our company, our customers and our community. We are an equal opportunity employer and the inclusive atmosphere we build together will make room for every person to contribute, grow and thrive.

We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the interview process, to perform essential job functions and to receive other benefits and privileges of employment. If you need an accommodation in order to interview at Commerce, please let us know during any of your interactions with our recruiting team.

Learn more about the Commerce team, culture and benefits at https://www.commerce.com/careers/

Commerce, along with many other employers, has become the subject of fraudulent job offers to hopeful prospective job seekers.
Be advised:
Commerce does not offer jobs to individuals who do not go through our formal hiring process.
Commerce will never:

• require payment of recruitment fees from candidates;

• request personally identifiable information through unsanctioned websites or applications;

• attempt to solicit money from you as part of the hiring process or as part of an employment offer;

• solicit money to complete visa requirements as part of a job offer.

If you receive unsolicited offers of employment from Commerce, we urge you to be extremely cautious and avoid engaging or responding.