Staff Cloud Security Engineer (Breakthrough)

What You'll Do

Technical Leadership

• Provide technical guidance and security expertise across engineering teams.

• Lead the implementation of security best practices and advocate for secure design, development, and deployment processes.

• Collaborate with Engineering Directors, Principal Engineers, and Corporate InfoSec to align security strategy with product and platform goals.

• Serve as the primary security point of contact within the Engineering organization.

Development & Automation

• Design and implement security tooling and automation to support DevSecOps practices.

• Write scripts and lightweight tools (e.g., in Python, Bash) to automate detection, remediation, and compliance workflows.

• Contribute to infrastructure and CI/CD security by embedding secure guardrails in Terraform, Bitbucket pipelines, and deployment pipelines.

Architectural Design

• Lead threat modeling and secure architecture reviews across our GCP-native SaaS platform.

• Partner with Cloud Engineering to integrate security into infrastructure provisioning and platform components.

• Translate compliance and security frameworks (e.g., SOC 2, NIST 800-53, FedRAMP, CIS Controls) into actionable, scalable policies and controls in infrastructure and code.

• Evaluate and recommend security technologies with input from CTO and Corporate InfoSec - including GCP-native tools, CrowdStrike, and modern SIEM/SOAR platforms.

Technical Excellence

• Drive the evaluation and adoption of cloud-native and modern security tools (e.g., Google SCC, Chronicle, Panther, CrowdStrike).

• Build and tune threat detection capabilities to identify and respond to cloud misuse, API abuse, and potential data exfiltration.

• Maintain incident response playbooks and lead security incident investigations in collaboration with Corporate InfoSec.

Innovation and Research

• Stay current with cloud security trends, threat actor TTPs (tactics, techniques, and procedures), and evolving best practices.

• Proactively identify opportunities to reduce risk and increase automation across the SDLC and cloud environment.

Collaboration

• Partner with engineering teams to foster a culture of secure coding and continuous improvement in security posture.

• Collaborate with Breakthrough's GRC Lead and Sr. Director of Technology Operations on audits and client due diligence.

• Participate in periodic reviews with Corporate InfoSec to ensure alignment and maintain a strong security posture.

• Mentor engineers in secure development practices and support team learning on threat modeling, authentication, and data protection.

• Bachelor's degree in Computer Science or a related technical field involving coding (e.g., physics or mathematics), or equivalent technical experience.

• 10+ years of experience in security engineering, cloud security, DevSecOps, or related technical domains, ideally within a SaaS or product-focused organization.

• In-depth experience designing and implementing scalable, cloud-native security solutions, with a strong understanding of Google Cloud Platform (GCP) services such as IAM, VPC, Security Command Center, Workload Identity, and GKE.

• Strong proficiency in multiple programming or scripting languages, specifically Python, Go, and Bash, with an emphasis on automation and tool development.

• Demonstrated experience with infrastructure as code (IaC) and policy as code, including tools such as Terraform, CI/CD pipelines, and frameworks like OPA or Sentinel.

• Hands-on experience with modern SIEM/SOAR platforms (e.g., Chronicle, Panther) and the ability to develop high-fidelity detection logic.

• Expertise in secure development practices, application security, threat modeling, and advising on secure architecture.

• Familiarity with compliance frameworks such as SOC 2, NIST 800-53, CIS Controls, and translating them into technical controls and processes.

• Experience with Agile software development methodologies including Kanban and Scrum.

• Excellent problem-solving skills and the ability to navigate complex technical and security challenges.

• Strong communication skills, with the ability to articulate complex security concepts to both technical and non-technical stakeholders.

Preferred:

• Relevant certifications such as Google Professional Cloud Security Engineer, Certified Information Systems Security Professional (CISSP), or Certified Cloud Security Professional (CCSP).

• Familiarity with DevOps and platform engineering practices and tools.

• Prior experience working in a cross-functional product engineering team.

• Demonstrated leadership experience in guiding teams or influencing security strategy across an organization.

While expertise in every technology isn't required, familiarity with our stack is beneficial. We're keen to work with individuals who bring relevant experience and a willingness to learn.