[Remote] Manager, Security Engineering, Cloud & AppSec
Note: The job is a remote job and is open to candidates in the USA.

Horizon3.ai is a fast-growing, remote cybersecurity company dedicated to enabling organizations to proactively identify and address security vulnerabilities. The Manager of Security Engineering will lead a team focused on securing cloud environments and integrating security into the software development lifecycle, while also enhancing the overall security posture of the organization.

Responsibilities

- Lead, coach, and grow the Security Engineering team, including both Cloud Security Engineers and Application Security Engineers
- Set priorities and operating rhythms for the team, balancing strategic security investments, day-to-day engineering support, and incident response
- Design and implement security controls across our Cloud environments, such as but not limited to: AWS, Azure, GCP, Digital Ocean, OCI, etc., including IAM, SCPs, VPC security, S3 bucket policies, security groups, key management, and logging
- Continuously monitor and improve cloud posture by managing and tuning services such as GuardDuty, Security Hub, AWS WAF, CloudTrail, and Inspector
- Partner with engineering teams to embed security into the SDLC, including secure design reviews, threat modeling, architecture review, and CI/CD security automation
- Lead the application security program, including secure coding practices, vulnerability management, developer enablement, and product security reviews
- Continuously monitor and improve application security tooling by managing and tuning services such as SonarQube, Dependency Track, ZAproxy, Trufflehog, Trivy
- Build and maintain GitLab CI/CD pipelines and tooling for automated security testing and scanning of cloud resources and applications
- Conduct threat modeling, architecture reviews, and risk assessments for cloud deployments, product features, and new systems
- Implement security monitoring, secure systems hardening, and detective controls for malicious activity across AWS and application environments
- Respond quickly to new and emerging threats and vulnerabilities; support investigations, post-mortem analysis, root cause identification, and preventive actions
- Define and enforce identity and access management best practices, including least privilege, federated identity, role-based access control, and automated remediation
- Develop and maintain security policies, standards, and procedures aligned to frameworks such as SOC 2, GDPR, ISO 27001, FedRAMP, NIST, CIS, and MITRE ATT&CK
- Create metrics, reporting, and risk narratives that communicate security posture, trends, and priorities to business owners and leadership
- Evaluate and recommend new tools, techniques, and controls to improve the security posture of our cloud and application environments
- Demonstrate a commitment to integrity, process improvement, and customer satisfaction
- Recruiting and onboarding talented individuals to support our organizational goals
- Mentoring, coaching, equipping, and developing your team
- Recognizing and retaining high performers
- Leading horizontally with peer management and senior leaders

Skills

- Must be proficient in AWS security services, Terraform, GitLab, and modern CI/CD security practices
- Must have a deep understanding of AWS security architecture, IAM, cloud posture management, data security principles, and secure SDLC practices
- Must have experience leading or closely partnering with Application Security efforts, including threat modeling, vulnerability management, and security reviews
- Must be knowledgeable in compliance standards and security frameworks, including SOC 2, GDPR, ISO 27001, FedRAMP, NIST, CIS, and MITRE ATT&CK
- Must have strong written and verbal communication skills, with the ability to explain technical risks and tradeoffs to both technical and non-technical stakeholders
- Must be able to work independently and as part of a team, with a strong sense of ownership and accountability
- Must have experience developing metrics and reporting that communicate risk and security posture to leadership
- Must have familiarity with DLP concepts, including data classification, identification, and protection
- Bachelor's degree in Computer Science, Cybersecurity, Information Systems, or a related field, or equivalent practical experience
- 5+ years of experience in cybersecurity
- 5+ years of experience securing AWS environments
- 5+ years of experience securing cloud-native systems and modern software delivery pipelines
- Prior experience leading security engineers or serving as a technical lead in a security engineering function
- AWS
- Terraform
- Crossplane
- ArgoCD
- GitLab
- CI/CD security tooling
- Cloud security monitoring and posture tools
- IAM and access control systems
- Experience leading both Cloud Security and Application Security teams
- AWS Certified Security – Specialty
- CISSP or other relevant security certifications
- Experience in high-growth SaaS or cybersecurity companies
- Experience building security programs that scale across engineering organizations
- Broad knowledge across the security domain, with deeper specialization in one or more areas such as incident management, detection engineering, response tooling, or logs/events processing

Benefits

- All full-time roles are eligible for an equity package in the form of stock options.
- Inclusive Team: We value diversity and promote an inclusive culture where everyone can thrive.
- Growth Opportunities: Be part of a dynamic and growing team with numerous career development opportunities.
- Innovative Culture: Work in a collaborative environment that encourages creativity and out-of-the-box thinking.
- Hybrid & Remote Work: We embrace a mix of remote and hybrid work models depending on role and location, including our Chicago office, where some roles require regular in-office presence.
- Competitive Compensation: We offer competitive salary, equity and benefits. Our benefits include health, vision & dental insurance for you and your family, a flexible vacation policy, and generous parental leave.

Company Overview

Horizon3.ai offers an autonomous penetration testing platform that helps organizations proactively find and fix security vulnerabilities. It was founded in 2019, and is headquartered in San Francisco, California, USA, with a workforce of 201-500 employees. Its website is https://www.horizon3.ai.