What you will do
- Application Security (Primary)
- Champion application security program strategy and implementation, including but not limited to various controls towards a “shift-left” security model, Security Champions program, adoption and implementation of SAST, DAST, other application security tools.
- Assist in maturation of the Secure SDLC, including threat modeling, security architecture and requirements guidance, as well as secure code development training.
- Work directly with developers to triage findings, provide remediation guidance, and foster a security-first culture.
- Manual testing support for light red teaming such as POC’ing vulnerabilities, leading penetration tests via vendor engagements and/or internally led testing, and validating security findings.
- Cloud & Infrastructure Security (Secondary)
- Partner with Engineering, DevOps, to secure GCP, AWS environments
- Leverage Cloud Security tools such as CNAAP, to remediate discovered misconfigurations, vulnerabilities, and triage of Cloud Security alerts.
- Develop and implement secure infrastructure baselines, vulnerability management processes, secrets managements, IAM, and hardening standards within the cloud environment.
- Incorporation of shift-left security tests and controls, into CI/CD pipelines
- Help expand monitoring capabilities within tools such as SIEM, CNAAP, including implementation of required cloud architecture/logging, onboarding of log sources to security tools, and detection rules for cloud-based threats.
- Zero Trust & Network Security (Support)
- Strengthen Zero Trust posture by expanding usage of Cloudflare WARP, WAF, other Zero Trust tooling and principles
- Collaborate with the IT team to enhance endpoint security policies within EDR tools such as SentinelOne, Crowdstrike, as well as secure hardening standards into MDM
- Support design and implementation of IAM best practices/principles for workforce and client identity, leveraging tools such as; Google IDP, Okta, Auth0, Zitadel
- Security Operations & Incident Response (Support)
- Review, design, and implementation of new Security Tools - support administration across tools such as SIEM, EDR, CNAAP, Email Security, and others.
- Support security and risk assessments for new tools, vendors, and relationships with broader Security and IT team.
- Assist in development of new threat detections, playbooks, and automated response/remediation
- Support triage and response of security alerts, as an escalation point from the broader team.
- Participate in supporting security on-call rotation
What You Need to be Successful
- 3-5 years of hands-on experience in a security engineering role, preferably within a cloud-native, startup environment
- Experience building or contributing to a Secure SDLC program, leveraging application security tools, supporting security architecture reviews
- Demonstrated experience securing public cloud environments, with a strong preference for Google Cloud Platform (GCP).
- Experience building or contributing to a Secure SDLC program.
- Hands-on experience with modern security tooling, including
- SAST/SCA: Snyk, Checkmarx, Veracode, or similar.
- CNAPP: Wiz, Prisma Cloud, or similar.
- EDR: SentinelOne, CrowdStrike, or similar.
- SIEM: Google SecOps, Splunk, or other modern platforms.
- A solid understanding of Zero Trust, IAM principles and practical experience implementing solutions with tools like Cloudflare.
- Proficiency in at least one scripting language (e.g., Python, Bash) to automate security tasks and processes.
- Excellent problem-solving skills and the ability to work collaboratively with both technical (Engineering) and non-technical (GTM) teams.
- A proactive, "builder" mindset with a passion for improving processes, reducing risk.
- Preferred Candidate will have:
- Familiarity with Infrastructure as Code (IaC) and its security implications (e.g., Terraform).
- Knowledge of compliance frameworks such as SOC 2, GDPR, NIST CSF
- Familiarity with common application development languages such as Java or JavaScript
- Understanding of system and architecture design principles, from code to cloud
- Relevant industry certifications (e.g., GCLD, GCP Cloud Security Engineer, GCSA).
Top Skills
What We Do
BlackCloak protects corporate executives and high-profile individuals from cybersecurity, privacy, financial, and other reputational risks. Used by Fortune 500 companies across all industries, the BlackCloak Concierge Cybersecurity & Privacy™ Platform is a holistic solution including mobile and desktop apps as well as concierge support. Executives and high-profile individuals get peace of mind knowing their family, reputation, and finances are secured. Companies rest assured that their brand, intellectual property, data, and finances are protected against threats coming through executives without having to invade their personal lives.
BlackCloak stands out in the cybersecurity industry by focusing on the often-overlooked intersection of personal and corporate digital protection. Unlike traditional firms that solely prioritize corporate defenses, BlackCloak understands that the vulnerabilities of high-level executives and their families can pose significant risks to the entire company. By offering comprehensive and tailored solutions that shield both personal and professional digital environments, BlackCloak ensures a holistic approach to security. This unique emphasis on protecting every facet of an executive's digital life—from corporate email systems to personal devices and home networks—sets BlackCloak apart as a pioneer in safeguarding the modern business world.
Why Work With Us
Here, you're not just an employee; you're a guardian of digital trust, protecting both corporate assets and personal identities. You'll join a dynamic team of innovators who are passionate about staying ahead of cyber threats and delivering tailored solutions to our unique client base.
Gallery
.png)
