Staff Cloud Security Engineer
Lexington, KY - USA
Job Summary
Xometry (NASDAQ: XMTR) powers the industries of today and tomorrow by connecting the people with big ideas to the manufacturers who can bring them to life. Xometrys digital marketplace gives manufacturers the critical resources they need to grow their business while also making it easy for buyers at Fortune 1000 companies to tap into global manufacturing capacity.
Xometry is looking for a Staff Cloud Security Engineer to own our cloud security posture and runtime detection capabilities. This is a high-impact individual contributor role focused on ensuring our live cloud environments and containerized workloads are hardened continuously monitored and generating the right signals for our security operations function. This role is about detection architecture posture management and runtime visibility.
You will be the primary owner of our CrowdStrike platform working closely with our MDR providers to ensure alert fidelity tuning and appropriate escalation. You will also evaluate and potentially implement a cloud SIEM.
This isnt a role where you watch dashboards and write tickets. Youll be the person who defines how we detect threats decides how we respond to them and has the autonomy to fix what you find. If youre tired of maintaining legacy tooling navigating slow change management processes or writing findings that disappear into a backlog this is the opposite of that. Were a SaaS-first company running a modern cloud-native stack. We ship fixes not tickets.
What Youll Contribute
- Own CrowdStrike Falcon configuration ensuring policies are appropriately scoped tuned and generating actionable alerts.
- Partner with MDR to define alert routing triage thresholds and escalation logic ensuring the right signals reach the right team.
- Monitor cloud environments (primarily AWS) for security posture drift: misconfigured IAM roles overly permissive security groups exposed storage and non-compliant resource configurations.
- Secure Kubernetes clusters and containerized workloads: manage Network Policies RBAC Admission Controllers and runtime detection for anomalous container behavior.
- Develop and enforce cloud security policies and standards for AWS infrastructure ensuring secure and scalable deployments align with organizational risk posture.
- Evaluate and lead the implementation of additional detection tooling including cloud SIEM platforms designing detection rules and alerting pipelines.
- Manage infrastructure as code (IaC) security using Terraform or OpenTofu ensuring IaC definitions meet security standards before deployment.
- Automate security posture checks and detection workflows using Python and shell scripting.
- Stay current with the evolving cloud threat landscape and translate emerging threats into detection coverage or posture improvements.
What You Bring
- Minimum 8 years of experience in cloud security security engineering or a related infrastructure security discipline.
- Hands-on experience with a cloud security posture management (CSPM) platform CrowdStrike Wiz Prisma Cloud Orca or equivalent. Prior CrowdStrike experience is a plus but not required.
- Deep familiarity with AWS security architecture: IAM/SCP policy design VPC networking security groups CloudTrail and cloud-native security controls. GCP or Azure experience considered in lieu of AWS for strong candidates willing to expand into AWS.
- Proficiency with infrastructure as code (IaC) tools such as Terraform OpenTofu or CloudFormation with an understanding of how to enforce security standards within IaC workflows.
- Strong Python and shell scripting skills for security automation detection rule development and tooling integration.
- Must be a US Citizen or legal permanent resident (Xometry handles ITAR-controlled data).
Preferred
- AWS GovCloud experience.
- Hands-on Kubernetes security experience: securing and managing production clusters including Network Policies RBAC and Admission Controllers.
- Experience with cloud-native SIEM solutions including writing detection rules in Python or SQL.
- Experience securing microservices architectures including service mesh security (Istio or Linkerd).
- Bachelors degree in Computer Science Information Security or a related field
The estimated base salary range for new hires into this role is $180000- $200000 annually bonus depending on factors such as job-related skills relevant experience and location. We also offer a competitive benefits package including 401(k) match medical dental and vision insurance; life and disability insurance; generous paid time off including vacation sick leave floating and fixed holidays maternity and bonding leave; EAP other wellbeing resources; and much more.
#LI-Hybrid
Xometry is an equal opportunity employer. All applicants will be considered for employment without attention to race color religion sex sexual orientation gender identity national origin veteran or disability status.
For US based roles: Xometry participates in E-Verify and after a job offer is accepted will provide the federal government with your Form I-9 information to confirm that you are authorized to work in the U.S.
Required Experience:
Staff IC
About Company
Xometry is a leader in high-precision production part and prototyping manufacturing on demand. Get instant quotes on CNC machining, 3D printing, sheet metal fabrication, laser cutting, and more.