Senior Product Security Engineer

As a scale-up experiencing rapid growth we are looking for a highly experienced and driven Senior Product Security Engineer to join our Security team. This role is critical to the security resilience and operational excellence of our FedRAMP cloud environment and broader SaaS platform.

We are seeking a senior security engineer who can take ownership of complex cloud security challenges drive technical decisions and help shape the future of our cloud security program. You will play a key role in designing operating hardening and continuously improving a secure AWS-based environment with a strong focus on FedRAMP requirements automation incident response and scalable security architecture.

This is an opportunity for someone who thrives in high-impact environments enjoys tackling difficult technical problems and wants to help build secure resilient systems at scale.

What youll do

• Serve as a core member of the Cloud Security team with significant influence on the direction priorities and execution of the cloud security program.
• Own operate maintain and improve our FedRAMP cloud environment ensuring it meets high standards for security availability compliance and operational excellence.
• Design implement and maintain a secure scalable and resilient AWS cloud infrastructure covering both the cloud platform and the applications running on it.
• Build and improve security controls across cloud resources including networking compute storage logging monitoring and IAM.
• Lead the hardening of AWS environments and Kubernetes-based platforms applying security best practices and secure-by-default patterns.
• Drive the automation of security controls operational processes and compliance requirements to reduce manual effort and human error.
• Partner closely with SRE platform and engineering teams to ensure services are deployed and operated securely in highly regulated environments.
• Develop maintain and continuously improve incident response capabilities for cloud environments including detection containment investigation recovery and post-incident analysis.
• Respond to security incidents perform deep technical investigations and drive remediation and long-term corrective actions.
• Proactively identify and mitigate security risks through threat-informed assessments vulnerability management and continuous cloud security reviews including the use of tools such as CNAPP.
• Manage and improve security tooling and services such as SIEM EDR cloud-native security tooling and monitoring platforms while developing meaningful security and risk metrics.
• Contribute to the development and execution of our cloud security strategy balancing business needs engineering velocity and regulatory obligations.
• Collaborate with engineering teams to understand system designs guide secure architecture decisions and help solve complex technical security problems.
• Contribute to cloud security education and training for engineering teams helping raise the overall security maturity of the organization.
• Stay current on emerging cloud threats AWS security capabilities attacker techniques and industry best practices and translate that knowledge into practical improvements.

Qualifications :

What youll need

• 7 years of hands-on experience designing building securing and operating cloud infrastructure on AWS including deep practical knowledge of AWS security services architecture patterns and operational best practices.
• Proven experience working in high-security and regulated cloud environments with strong familiarity with FedRAMP and SOC 2 requirements.
• Strong hands-on expertise with Kubernetes container security and modern infrastructure platforms.
• Strong experience with infrastructure as code and automation tooling such as Terraform/OpenTofu Terragrunt Ansible Crossplane Jenkins and GitHub Actions.
• Demonstrated ability to design and implement scalable security automation and DevSecOps practices.
• Strong experience in incident response security monitoring investigation and remediation in cloud-native environments.
• Deep understanding of IAM least privilege identity architecture and access control best practices in AWS.
• Strong knowledge of network security including segmentation firewalls VPNs intrusion detection and secure connectivity patterns in cloud environments.
• Experience managing and tuning security tools and platforms including SIEM EDR vulnerability management and cloud security posture tools.
• Excellent troubleshooting analytical and problem-solving skills with the ability to work through complex technical and operational challenges.
• Ability to operate with a high degree of ownership make sound technical decisions and drive initiatives from design through implementation and continuous improvement.
• Strong communication and collaboration skills with the ability to clearly explain technical security concepts to both technical and non-technical stakeholders.
• A proactive hands-on mindset and a strong commitment to building secure resilient and maintainable systems.
• Fluent in English written and spoken.

What will make you stand out

• Experience securing and operating FedRAMP-authorized or similarly regulated SaaS environments.
• Experience with additional cloud platforms such as Azure.
• Proficiency in Python or Golang; JavaScript/TypeScript is a plus.
• Knowledge of security standards and frameworks such as CIS Benchmarks NIST and ISO 27001.
• Experience influencing security architecture across multiple engineering teams and driving adoption of security best practices at scale.

Who you are

• You are a senior-level engineer who enjoys taking on difficult technical problems and solving them pragmatically.
• You are comfortable owning critical security infrastructure and making decisions in complex fast-moving environments.
• You combine strong technical depth with sound judgment and a practical approach to risk reduction.
• You advocate for high security standards while enabling engineering teams to move effectively.
• You are curious adaptable and motivated by continuous improvement.

Additional Information :

We are the pioneers and trailblazers of a global IT Market Category (DEX) that is shaping the future of how the world works giving our customers IT Teams total digital visibility across their enterprise. Our innovative solutions integrate real-time analytics automation and employee feedback across all endpoints. This enables our IT teams to solve complex technical challenges create ever more productive workplaces and deliver happy satisfied employees in the digital workplace.

Total Rewards @ Nexthink

At Nexthink we offer one of the most comprehensive and generous benefits plans.  Your total rewards compensation package includes base salary and may also include a commission or performance bonus plan.  We provide our US employees with 100% covered company benefits that consist of health dental vision as well as access to life insurance long-term disability and accidental death/personal loss coverage. 

In addition we offer: 

• Flexible Hours and unlimited vacation (employees have unlimited paid time off on top of the 15 days of holidays we offer) 11 company-paid holidays and 3 extra days for volunteering.
• Hybrid work model that balances office and remote work with structured onboarding to foster connections and team integration.
• Free access to professional training platforms to explore your interests and enhance your skills.
• Up to 16 weeks of paid leave for birthing parents/primary caregivers 6 weeks for secondary caregivers.
• Plan for the future with a 401(k) plan featuring up to 4% company matching contributions vesting immediately to grow your retirement savings.
• Bonuses for referring successful hires after three months of continuous employment.

Base salary ranges are determined by country role level experience and skills. The range displayed on each job posting reflects Nexthinks good faith determination of the minimum and maximum targets for new hire salaries across all US locations. Individual pay is determined by related factors including job skills experience and relevant education or training which may impact a final offer. Your Talent Acquisition Partner can share more about the specific salary range during the hiring process.
 

Remote Work :

Yes

Employment Type :

Full-time