Security Engineer

💰 $100k-$140k
🇺🇸 United States - Remote
🔒 Cybersecurity🔵 Mid-level

Job description

BlackCloak’s mission is to protect corporate executives and high-profile individuals in their personal lives, mitigating risks to their families, companies, reputation, and finances. We defend our clients’ digital lives from hackers, privacy leaks, and identity theft. If you are passionate about helping to protect others, then keep reading - this may be your next great opportunity.

As a Senior Security Engineer, you will be part of BlackCloak’s internal technology team supporting corporate security, information technology operations, and compliance. This is a critical role that is both hands-on and strategic, influencing and driving success for BlackCloak and its clients by designing, deploying, and supporting technology solutions for all areas of the business.

What you will do

  • Application Security (Primary)
  • Champion application security program strategy and implementation, including but not limited to various controls towards a “shift-left” security model, Security Champions program, adoption and implementation of SAST, DAST, other application security tools.
  • Assist in maturation of the Secure SDLC, including threat modeling, security architecture and requirements guidance, as well as secure code development training.
  • Work directly with developers to triage findings, provide remediation guidance, and foster a security-first culture.
  • Manual testing support for light red teaming such as POC’ing vulnerabilities, leading penetration tests via vendor engagements and/or internally led testing, and validating security findings.
  • Cloud & Infrastructure Security (Secondary)
  • Partner with Engineering, DevOps, to secure GCP, AWS environments
  • Leverage Cloud Security tools such as CNAAP, to remediate discovered misconfigurations, vulnerabilities, and triage of Cloud Security alerts.
  • Develop and implement secure infrastructure baselines, vulnerability management processes, secrets managements, IAM, and hardening standards within the cloud environment.
  • Incorporation of shift-left security tests and controls, into CI/CD pipelines
  • Help expand monitoring capabilities within tools such as SIEM, CNAAP, including implementation of required cloud architecture/logging, onboarding of log sources to security tools, and detection rules for cloud-based threats.
  • Zero Trust & Network Security (Support)
  • Strengthen Zero Trust posture by expanding usage of Cloudflare WARP, WAF, other Zero Trust tooling and principles
  • Collaborate with the IT team to enhance endpoint security policies within EDR tools such as SentinelOne, Crowdstrike, as well as secure hardening standards into MDM
  • Support design and implementation of IAM best practices/principles for workforce and client identity, leveraging tools such as; Google IDP, Okta, Auth0, Zitadel
  • Security Operations & Incident Response (Support)
  • Review, design, and implementation of new Security Tools - support administration across tools such as SIEM, EDR, CNAAP, Email Security, and others.
  • Support security and risk assessments for new tools, vendors, and relationships with broader Security and IT team.
  • Assist in development of new threat detections, playbooks, and automated response/remediation
  • Support triage and response of security alerts, as an escalation point from the broader team.
  • Participate in supporting security on-call rotation

What You Need to be Successful

  • 3-5 years of hands-on experience in a security engineering role, preferably within a cloud-native, startup environment
  • Experience building or contributing to a Secure SDLC program, leveraging application security tools, supporting security architecture reviews
  • Demonstrated experience securing public cloud environments, with a strong preference for Google Cloud Platform (GCP).
  • Experience building or contributing to a Secure SDLC program.
  • Hands-on experience with modern security tooling, including
  • SAST/SCA: Snyk, Checkmarx, Veracode, or similar.
  • CNAPP: Wiz, Prisma Cloud, or similar.
  • EDR: SentinelOne, CrowdStrike, or similar.
  • SIEM: Google SecOps, Splunk, or other modern platforms.
  • A solid understanding of Zero Trust, IAM principles and practical experience implementing solutions with tools like Cloudflare.
  • Proficiency in at least one scripting language (e.g., Python, Bash) to automate security tasks and processes.
  • Excellent problem-solving skills and the ability to work collaboratively with both technical (Engineering) and non-technical (GTM) teams.
  • A proactive, “builder” mindset with a passion for improving processes, reducing risk.
  • Preferred Candidate will have:
  • Familiarity with Infrastructure as Code (IaC) and its security implications (e.g., Terraform).
  • Knowledge of compliance frameworks such as SOC 2, GDPR, NIST CSF
  • Familiarity with common application development languages such as Java or JavaScript
  • Understanding of system and architecture design principles, from code to cloud
  • Relevant industry certifications (e.g., GCLD, GCP Cloud Security Engineer, GCSA).

$100,000 - $140,000 a year

Final offer amounts are determined by multiple factors, including but not limited to geographic location as well as candidate experience and expertise, and may vary from the amounts listed above.

About BlackCloak

BlackCloak is an extremely fast-growing company in an entirely new product category. We have amazing product fit validated by industry awards and an impressive client base of Fortune 500 companies across all industries.

BlackCloak offers a competitive salary, exceptional benefits, and a dynamic work environment.  Below is a quick summary of BlackCloak’s generous benefits package for full-time employees includes:

- 100% Remote Company, within the USA

- Comprehensive Medical, Dental, and Vision plans with a 100% employer-paid monthly premium option for employees & 50% employer-paid monthly premiums for dependents.

- Health Savings Account with company contribution for eligible medical plans.

- Flexible Vacation Plan

- 10 Paid Company Holidays

- 100% employer-paid Life, AD&D and Short- and Long-Term Disability Insurance

- 401k with Traditional and Roth options, including employer match.

- Company Equity

- Paid Parental and Pregnancy Recovery Leave

- Company and team off-sites and virtual events throughout the year

- Home office stipend

We are an equal opportunity employer. We do not discriminate on the basis of race, color, religion, sex, sexual orientation, gender identity, marital status, age, disability, national or ethnic origin, military service status, citizenship, or other protected characteristic.

Learn More about Us

Website: https://blackcloak.io

LinkedIn: /blackcloak

Twitter: @BlackCloakCyber

White Paper: https://bc.blackcloak.io/quantifying-the-business-need-for-digital-executive-protection-report-download

#liremote

Share this job:
Please let BLACKCLOAK know you found this job on Remote First Jobs 🙏

Similar Remote Jobs

Latest Jobs at BLACKCLOAK

Benefits of using Remote First Jobs

Discover Hidden Jobs

Unique jobs you won't find on other job boards.

Advanced Filters

Filter by category, benefits, seniority, and more.

Priority Job Alerts

Get timely alerts for new job openings every day.

Manage Your Job Hunt

Save jobs you like and keep a simple list of your applications.

Search remote, work from home, 100% online jobs

We help you connect with top remote-first companies.

Search jobs

Hiring remote talent? Post a job

Frequently Asked Questions

What makes Remote First Jobs different from other job boards?

Unlike other job boards that only show jobs from companies that pay to post, we actively scan over 20,000 companies to find remote positions. This means you get access to thousands more jobs, including ones from companies that don't typically post on traditional job boards. Our platform is dedicated to fully remote positions, focusing on companies that have adopted remote work as their standard practice.

How often are new jobs added?

New jobs are constantly being added as our system checks company websites every day. We process thousands of jobs daily to ensure you have access to the most up-to-date remote job listings. Our algorithms scan over 20,000 different sources daily, adding jobs to the board the moment they appear.

Can I trust the job listings on Remote First Jobs?

Yes! We verify all job listings and companies to ensure they're legitimate. Our system automatically filters out spam, junk, and fake jobs to ensure you only see real remote opportunities.

Can I suggest companies to be added to your search?

Yes! We're always looking to expand our listings and appreciate suggestions from our community. If you know of companies offering remote positions that should be included in our search, please let us know. We actively work to increase our coverage of remote job opportunities.

How do I apply for jobs?

When you find a job you're interested in, simply click the 'Apply Now' button on the job listing. This will take you directly to the company's application page. We kindly ask you to mention that you found the position through Remote First Jobs when applying, as it helps us grow and improve our service 🙏

Apply