Staff Engineer, Cloud Security
📍 Job Overview
- Job Title: Staff Engineer, Cloud Security
- Company: Unite Us
- Location: United States (Remote, with strong preference for ET/CT time zones)
- Job Type: Full-Time
- Category: Cloud Security Engineering
- Date Posted: 2025-06-18
- Experience Level: 8+ years (10+ years preferred)
- Remote Status: Remote (U.S. based)
🚀 Role Summary
- Technical Leadership: Drive cloud security strategy, design, and implementation across multiple domains, including cloud, network, application, and data security.
- Collaboration: Work closely with cross-functional teams, embedding security into the software development lifecycle and promoting a culture of security awareness.
- Mentorship: Provide expert guidance and support to engineering and operations teams, while mentoring team members and fostering a culture of continuous learning.
- Incident Response: Participate in incident response activities, ensuring minimal disruption to service delivery and maintaining a strong security posture.
📝 Enhancement Note: This role requires a balance of technical depth and breadth, with a focus on AWS cloud security and a strong understanding of security principles and best practices.
💻 Primary Responsibilities
- Security Architecture & Design: Lead the design and implementation of secure cloud infrastructure, network architecture, and application security controls.
- Security Operations: Maintain security policies, standards, and procedures; refine security monitoring and alerting systems; and collaborate on security assessments, vulnerability scanning, and penetration testing.
- Security Integration: Collaborate with development teams to integrate security best practices into the software development lifecycle (SDLC), ensuring secure code development and deployment.
- Mentoring & Training: Mentor and coach engineering team members, providing guidance on secure coding practices and security best practices; contribute to secure code development training.
- Threat Modeling & Risk Assessment: Perform threat modeling and risk assessments to identify and mitigate security risks, ensuring compliance with relevant security regulations and standards (SOC 2, NIST, HIPAA, HITRUST, etc.).
- Stay Current: Stay up to date on the latest security threats, trends, and best practices, continuously improving the company's security posture and developer experience at scale.
📝 Enhancement Note: This role combines technical leadership with hands-on engineering, requiring a strong problem-solving mindset and the ability to balance trade-offs between competing interests.
🎓 Skills & Qualifications
Education: Bachelor's degree in Computer Science, Information Security, or a related field. Relevant certifications such as CISSP, CISM, or AWS-related Security certifications are a plus.
Experience:
- Required: 8+ years of experience in information security, with a focus on security engineering, plus coding experience in one or more programming languages (e.g., Python, Bash) and with automation tools.
- Preferred: 10+ years of experience in information security, with a focus on security engineering and experience with threat modeling, risk assessment methodologies, containerization, and orchestration technologies (e.g., Docker, Kubernetes).
Required Skills:
- Technical: Deep understanding of security principles, frameworks, and best practices; strong technical experience in AWS Cloud security, including least privilege AWS IAM permissions design and management; experience with security monitoring, logging, and alerting tools (SIEM, MDR, etc.); knowledge and experience managing network security (firewalls, intrusion detection/prevention systems, VPNs); proven track record managing application security and vulnerabilities (SAST/DAST, secure coding practices); familiarity with DevOps and CI/CD pipelines and integrating security into these processes.
- Soft: Strong problem-solving and analytical skills; ability to explain technical security concepts to both technical and non-technical audiences; excellent communication skills and the ability to work in a collaborative, fast-paced environment; ability to mentor engineers and lead by example; ability to apply judgment and experience to balance trade-offs between competing interests; ability to advocate for security best practices while minimizing friction with the end user experience.
Preferred Qualifications:
- 10+ years of experience in information security, with a focus on security engineering.
- Relevant certifications (CISSP, CISM, or AWS-related Security certifications).
- Experience with threat modeling and risk assessment methodologies.
- Experience with containerization and orchestration technologies (e.g., Docker, Kubernetes) and their security implications.
- Contributions to the security community.
📊 Web Portfolio & Project Requirements
Portfolio Essentials:
- Cloud Security Projects: Demonstrate your experience in designing, implementing, and managing secure cloud infrastructure on AWS, highlighting your understanding of IAM, security groups, network segmentation, and cloud security best practices.
- Application Security Projects: Showcase your ability to identify and mitigate application vulnerabilities, with examples of secure coding practices, secure application architecture, and secure deployment processes.
- Incident Response Projects: Provide examples of your involvement in incident response activities, demonstrating your ability to investigate, contain, and remediate security incidents, as well as your understanding of post-incident analysis and lessons learned.
- Security Training & Mentoring: Include any examples of secure code development training, mentoring, or coaching activities, highlighting your ability to foster a culture of security awareness and continuous learning.
Technical Documentation:
- Security Documentation: Provide examples of security policies, standards, and procedures you have developed or maintained, demonstrating your understanding of security governance and compliance.
- Threat Modeling & Risk Assessment Documentation: Showcase your ability to perform threat modeling and risk assessments, with examples of threat modeling methodologies, risk assessment frameworks, and mitigation strategies.
- Incident Response Documentation: Include any documentation related to incident response activities, such as incident response plans, playbooks, or post-incident reports, demonstrating your understanding of incident response best practices.
📝 Enhancement Note: As this role focuses on cloud security engineering, your portfolio should emphasize your technical depth and breadth in cloud security, with a strong emphasis on AWS security best practices and real-world examples of secure cloud architecture and implementation.
💵 Compensation & Benefits
Salary Range: The target pay range for this role is $180,000 - $200,000 USD per year. The proposed salary will be dependent on the candidate's skills, experience, and competencies, as well as location.
Benefits:
- Medical, Dental, and Vision: Insurance coverage for team members and eligible partners and dependents, including unlimited virtual mental health and acute medical visits.
- Wellness: Mental health benefits, such as the Employee Assistance Program (EAP) and wellness platform subscription, available to all team members.
- Flexible Time Off: Take what you need, including volunteer days and mental health days. Additionally, enjoy 14 paid, company-wide holidays and paid parental leave, which is available to adoptive parents as well.
- Employee Resource Groups: Choose to join any of the company's ERGs, which celebrate and support a diverse and inclusive workplace.
- Spending Accounts: Tax-advantaged health savings accounts (HSAs), flexible spending accounts (FSAs), and commuter benefits.
- 401(k) + Employer Match: Enjoy matching, immediate vesting, and financial wellness resources.
- Additional Benefits: Life and AD&D - a company-paid benefit, with the option to purchase additional coverage for yourself and your dependents; disability coverage; accident insurance; and pet insurance.
📝 Enhancement Note: The salary range provided is a target hiring range and may vary based on the candidate's skills, experience, and location. Additionally, the benefits listed are subject to change and may vary based on the candidate's employment status and location.
🎯 Team & Company Context
🏢 Company Culture
Industry: Unite Us operates in the healthcare and social services industries, focusing on connecting community-based organizations, government agencies, and healthcare organizations to better collaborate and meet the needs of individuals in their communities.
Company Size: As a mid-sized company, Unite Us offers the opportunity to work in a collaborative, mission-driven environment, with a strong focus on innovation and continuous improvement.
Founded: Unite Us was founded in 2013, with a mission to unlock the potential of every community by driving collaboration and improving the delivery of health and social services.
Team Structure:
- Security Team: The security team is responsible for maintaining the company's overall security posture, collaborating with cross-functional teams to embed security into the software development lifecycle, and promoting a culture of security awareness.
- Product Development & Delivery: The product development and delivery team is responsible for designing, developing, and maintaining the company's software products, ensuring they meet the needs of the company's customers and users.
- Collaboration: The security team works closely with the product development and delivery team, as well as other cross-functional teams, to ensure that security is integrated into every aspect of the software development lifecycle.
Development Methodology:
- Agile/Scrum: The company follows Agile/Scrum methodologies, with a focus on iterative development, continuous improvement, and collaboration.
- Code Review & Testing: The company emphasizes code review, testing, and quality assurance practices to ensure the delivery of high-quality, secure software products.
- Deployment Strategies: The company employs CI/CD pipelines and automated deployment strategies to ensure efficient and reliable software delivery.
Company Website: Unite Us
📝 Enhancement Note: As a mission-driven company, Unite Us places a strong emphasis on its social impact and the positive change it aims to create in communities across the United States. This focus is reflected in the company's culture, values, and approach to work.
📈 Career & Growth Analysis
Web Technology Career Level: This role is at the senior staff engineer level, requiring a deep understanding of cloud security, technical leadership, and the ability to drive strategic initiatives and influence cross-functional teams.
Reporting Structure: The staff cloud security engineer reports directly to the Chief Information Security Officer (CISO) and works closely with the product development and delivery team, as well as other cross-functional teams.
Technical Impact: This role has a significant impact on the company's overall security posture, influencing the design and implementation of secure cloud infrastructure, application security, and data protection strategies. Additionally, this role plays a critical part in embedding security into the software development lifecycle and promoting a culture of security awareness.
Growth Opportunities:
- Technical Leadership: As a senior staff engineer, there is ample opportunity for growth into more senior technical leadership roles, such as principal engineer or director of engineering.
- Security Architecture & Strategy: With a deep understanding of cloud security and a strong ability to influence cross-functional teams, there is potential for growth into security architecture or security strategy roles.
- Mentorship & Training: With extensive experience in cloud security and a strong ability to mentor and coach team members, there is potential for growth into more senior mentorship or training roles.
📝 Enhancement Note: As a mid-sized company, Unite Us offers opportunities for career growth and development, with a strong focus on promoting from within and providing team members with the tools and resources they need to succeed.
🌐 Work Environment
Office Type: As a remote-first company, Unite Us offers a flexible, work-from-anywhere work environment, with a strong preference for candidates comfortable working in ET/CT time zones.
Office Location(s): While the company is headquartered in New York, New York, it has team members across the United States and does not require candidates to be located in any specific geographic region.
Workspace Context:
- Remote Work: As a remote-first company, Unite Us provides all the necessary equipment to perform your duties, including a computer, mouse, keyboard, and other approved WFH supplies.
- Collaboration Tools: The company uses collaboration tools such as Slack, Microsoft Teams, and Google Workspace to facilitate communication and collaboration among team members.
- Work-Life Balance: With a focus on results and outcomes, Unite Us offers a flexible work schedule, with the ability to take what you need for volunteer days, mental health days, and other personal needs.
Work Schedule: The company operates on a standard 40-hour workweek, with the ability to adjust your schedule as needed to balance work and personal responsibilities.
📝 Enhancement Note: As a remote-first company, Unite Us places a strong emphasis on communication, collaboration, and work-life balance, with a focus on results and outcomes rather than hours worked.
🛠 Technology Stack & Web Infrastructure
Cloud Platform: AWS (Amazon Web Services) is the primary cloud platform used by Unite Us, with a focus on secure cloud architecture, infrastructure as code (IaC), and cloud security best practices.
Security Tools:
- Identity & Access Management (IAM): AWS IAM is used to manage user access and permissions, with a focus on least privilege access and role-based access control (RBAC).
- Security Information and Event Management (SIEM): SIEM tools are used to collect, analyze, and report on security-related data and events, enabling real-time monitoring and alerting.
- Intrusion Detection & Prevention Systems (IDPS): IDPS tools are used to detect and prevent network-based attacks, with a focus on signature-based and anomaly-based detection.
- Vulnerability Scanning & Penetration Testing: Vulnerability scanning and penetration testing tools are used to identify and mitigate security vulnerabilities in the company's software products and infrastructure.
Development & DevOps Tools:
- Version Control: Git is used for version control and collaboration, with a focus on branching, pull requests, and code reviews.
- CI/CD Pipelines: CI/CD pipelines are used to automate the software development lifecycle, ensuring efficient and reliable software delivery.
- Infrastructure as Code (IaC): IaC tools such as Terraform and CloudFormation are used to manage and provision cloud infrastructure, ensuring consistent and secure infrastructure across environments.
📝 Enhancement Note: As a cloud security-focused role, your technical skills and experience should be centered around AWS cloud security, with a strong understanding of cloud security best practices, IAM, SIEM, IDPS, and other relevant security tools.
👥 Team Culture & Values
Web Development Values:
- Security-First: At Unite Us, security is a top priority, with a focus on embedding security into every aspect of the software development lifecycle.
- Collaboration: The company emphasizes collaboration and cross-functional teamwork, with a focus on breaking down silos and fostering a culture of shared responsibility.
- Continuous Learning: Unite Us places a strong emphasis on continuous learning and professional development, with a focus on staying current with the latest security threats, trends, and best practices.
- Innovation: The company encourages innovation and creative problem-solving, with a focus on driving positive change and improving the delivery of health and social services.
Collaboration Style:
- Cross-Functional Integration: The security team works closely with cross-functional teams, including product development and delivery, design, marketing, and business teams, to ensure that security is integrated into every aspect of the software development lifecycle.
- Code Review Culture: The company emphasizes code review and peer programming practices, with a focus on knowledge sharing and continuous learning.
- Mentorship & Knowledge Sharing: Unite Us encourages mentorship and knowledge sharing, with a focus on fostering a culture of continuous learning and professional development.
⚡ Challenges & Growth Opportunities
Technical Challenges:
- Cloud Security: Staying current with the latest cloud security threats, trends, and best practices, while maintaining a strong security posture in a dynamic and evolving cloud environment.
- Application Security: Identifying and mitigating application vulnerabilities, with a focus on secure coding practices, secure application architecture, and secure deployment processes.
- Incident Response: Participating in incident response activities, ensuring minimal disruption to service delivery and maintaining a strong security posture in the face of emerging threats and attacks.
- Emerging Technologies: Staying current with emerging technologies and their security implications, with a focus on containerization, orchestration, and other relevant security trends.
Learning & Development Opportunities:
- Technical Skills Development: Continuously developing your technical skills and expertise in cloud security, with a focus on emerging technologies, best practices, and industry trends.
- Certifications & Training: Pursuing relevant certifications and training opportunities, such as CISSP, CISM, or AWS-related Security certifications, to enhance your knowledge and skills in cloud security.
- Mentorship & Leadership: Developing your mentorship and leadership skills, with a focus on coaching and supporting team members in their professional development and career growth.
📝 Enhancement Note: As a senior staff engineer, you will face significant technical challenges and opportunities for growth and development. With a strong focus on cloud security and a deep understanding of security principles and best practices, you will be well-positioned to succeed in this role and make a significant impact on the company's overall security posture.
💡 Interview Preparation
Technical Questions:
- Cloud Security: Demonstrate your deep understanding of cloud security, with a focus on AWS cloud security, IAM, SIEM, IDPS, and other relevant security tools.
- Application Security: Showcase your ability to identify and mitigate application vulnerabilities, with examples of secure coding practices, secure application architecture, and secure deployment processes.
- Incident Response: Provide examples of your involvement in incident response activities, demonstrating your ability to investigate, contain, and remediate security incidents, as well as your understanding of post-incident analysis and lessons learned.
- Threat Modeling & Risk Assessment: Explain your approach to threat modeling and risk assessment, with examples of threat modeling methodologies, risk assessment frameworks, and mitigation strategies.
Company & Culture Questions:
- Mission & Values: Demonstrate your understanding of the company's mission, values, and approach to work, with a focus on the company's social impact and the positive change it aims to create in communities across the United States.
- Team Dynamics: Explain how you would contribute to the company's culture of collaboration, cross-functional teamwork, and shared responsibility, with a focus on breaking down silos and fostering a culture of continuous learning and professional development.
- Adaptability: Describe your ability to adapt to a dynamic and evolving work environment, with a focus on staying current with the latest security threats, trends, and best practices.
Portfolio Presentation Strategy:
- Cloud Security Projects: Highlight your experience in designing, implementing, and managing secure cloud infrastructure on AWS, with a focus on IAM, security groups, network segmentation, and cloud security best practices.
- Application Security Projects: Showcase your ability to identify and mitigate application vulnerabilities, with examples of secure coding practices, secure application architecture, and secure deployment processes.
- Incident Response Projects: Provide examples of your involvement in incident response activities, demonstrating your ability to investigate, contain, and remediate security incidents, as well as your understanding of post-incident analysis and lessons learned.
- Security Training & Mentoring: Include any examples of secure code development training, mentorship, or coaching activities, highlighting your ability to foster a culture of security awareness and continuous learning.
📝 Enhancement Note: As a senior staff engineer, you will face significant technical and cultural challenges during the interview process. With a strong focus on cloud security, technical leadership, and a deep understanding of security principles and best practices, you will be well-positioned to succeed in this role and make a significant impact on the company's overall security posture.
📌 Application Steps
To apply for this staff engineer, cloud security role at Unite Us:
- Customize Your Portfolio: Tailor your portfolio to highlight your experience in cloud security, with a focus on AWS cloud security, IAM, SIEM, IDPS, and other relevant security tools. Include examples of your involvement in incident response activities, as well as any secure code development training, mentorship, or coaching activities.
- Optimize Your Resume: Highlight your relevant technical skills and experience in cloud security, with a focus on AWS cloud security, IAM, SIEM, IDPS, and other relevant security tools. Include any relevant certifications, such as CISSP, CISM, or AWS-related Security certifications.
- Prepare for Technical Challenges: Familiarize yourself with the company's technology stack, with a focus on AWS cloud security, IAM, SIEM, IDPS, and other relevant security tools. Practice common cloud security interview questions and prepare for hands-on technical challenges related to cloud security.
- Research the Company: Learn about the company's mission, values, and approach to work, with a focus on the company's social impact and the positive change it aims to create in communities across the United States. Understand the company's culture, values, and approach to work, with a focus on collaboration, cross-functional teamwork, and shared responsibility.
- Prepare for Behavioral Questions: Reflect on your ability to adapt to a dynamic and evolving work environment, with a focus on staying current with the latest security threats, trends, and best practices. Prepare for behavioral questions related to your problem-solving skills, communication skills, and ability to work in a collaborative, fast-paced environment.
⚠️ Important Notice: This enhanced job description includes AI-generated insights and web technology industry-standard assumptions. All details should be verified directly with the hiring organization before making application decisions.
Application Requirements
8+ years of experience in information security, with a focus on security engineering, plus coding experience in programming languages like Python. Strong technical experience in AWS Cloud security and knowledge of security principles and frameworks are required.