Responsibilities
- Cloud & platform hardening: Enforce guardrails via IaC (e.g., Terraform), admission policies, and CSPM; champion least privilege, network segmentation, and secrets hygiene.
- Product/AppSec: Run threat models on new designs; drive secure-coding patterns; implement SAST/DAST/dependency scanning; strengthen supply-chain protections (SBOM, provenance, signing).
- Detection & response: Own detections for high-risk scenarios; maintain IR runbooks; lead/coach incidents and post-mortems that deliver durable fixes.
- Vulnerability management: Orchestrate triage → ownership → remediation; run coordinated disclosure and occasional pentests/bug bounties.
- Identity & access: Strengthen SSO/MFA, workload identities, and JIT/JEA for privileged operations; reduce long-lived credentials.
- Data protection: Classify data and enforce encryption, key management, DLP, and egress controls.
- Third-party & AI risk: Assess vendors and AI tooling (prompt/privacy risks, model/endpoint controls); define safe-use patterns for engineers.
- Enablement: Run the Security Champions program; publish clear docs/how-tos; host knowledge-sharing sessions so teams move faster on the paved road.
- Compliance partnership: Map controls to SOC 2/ISO 27001 and automate evidence collection.
Requirements
- broad security fluency (cloud, identity, SaaS, endpoints)
- deep, hands-on strength in at least two areas (e.g., AWS + IAM, or Endpoint/EDR + Detection)
- automate the boring stuff so secure-by-default becomes the norm
- incident-capable—calm under pressure, crisp in triage and comms
- turn post-mortems into engineered, durable fixes
- read and write code
- design self-serve security experiences (identity patterns, secrets management, paved-road libraries)
- apply an AI-first approach to triage and documentation
- translate telemetry into decision-ready narratives for audiences from ICs to execs
Nice to Have
- Build paved roads, not paperwork — you ship usable guardrails, reduce toil with automation, and balance risk reduction with a great developer/employee experience.
- Go deep in a couple of areas, stay fluent across the rest — you have strong hands-on depth in at least two (e.g., AWS + IAM, or Endpoint/EDR + Detection) and working breadth across cloud, identity, SaaS, and endpoints.
- Write and read code comfortably — you contribute small libs, CI/CD checks, or Terraform modules that make secure-by-default the easy path. You build automations to reduce manual work.
- Lead through incidents — calm triage, crisp comms, steady ownership; you turn postmortems into engineered, durable fixes.
- Design with data — you convert telemetry and risk into clear, decision-ready narratives for ICs and execs.
- Adopt an AI-first mindset — you use LLMs/AI agents where it makes sense, while humans keep the judgment.
- Default to audit-ready — evidence comes from the control itself; SOC 2/ISO 27001 mapping and proof collection are automated where possible.
- Influence without heavy policing — clear docs, and a Security Champions network that drives adoption.
- Collaborate with curiosity — you welcome diverse perspectives, mentor generously, and learn fast.
Benefits
- Competitive Compensation
- Employee Stock Option Program
- 20 business days of PTO + 3 paid health days annually
- Sabbatical to Reset & Explore
- Birthday off
- Home Office Support
- Health & Wellness
- Tech & Tools
Work Arrangement
Remote (Worldwide)
Team
Team size: 100+. Structure: remote-first company with 100+ talented people from 25+ nationalities across 15+ countries
Additional Information
- Agile & Resilient – You navigate change with confidence and curiosity, staying focused, flexible, and solution-oriented in an evolving landscape—maintaining momentum even in uncertain situations.
- Values-Driven – Your personal values align with Katana’s culture, embracing an open, inclusive, and collaborative way of working.
- Collaborative – You thrive in a cross-functional and global environment, working closely with diverse perspectives to achieve shared goals.
- Critical Thinker – You balance speed with sound judgment, evaluating ideas, tools, and outputs carefully to ensure quality.
- Curious & Growth-Oriented – You seek opportunities to learn, embrace feedback as a tool for growth, and continuously improve. With strong learning agility, you adapt to new challenges, experiment with AI-enabled ways of working, and thrive in evolving environments.
