Staff Security Engineer

About the Role:

As a Staff Security Engineer, you will own the security of our infrastructure and product. As a member of the Cloud team, you will make significant hands-on code contributions to Materialize’s cloud infrastructure. Working across teams, you will level up and scale out our organizational security practices through lightweight tooling, well-crafted policy, and careful code review. You will develop a big-picture strategy, collecting and integrating input from our operations, product, and sales teams into a security roadmap that aligns our cloud and product security direction with our customer and compliance needs.

About You:

• You have many (5+) years of experience as a security-focused engineer.
• You approach security holistically: You appreciate not only the technical challenges of securing a cloud-native database but also the human elements needed to foster a security-conscious organization.
• You are a strategic thinker who will develop a clear security roadmap that blends technical requirements, compliance goals, and customer needs.
• You are customer-focused, and you can predict and articulate a customer’s security needs even better than they can themselves.
• You love to code and be hands-on. You are a builder who enjoys the challenge of crafting and scaling solutions that meaningfully improve security posture while minimizing disruption to other teams in your organization.
• You have deep experience with AWS and infrastructure-as-code tooling.
• You have strong written and verbal communication skills, and you enjoy close collaboration across teams.

Responsibilities:

• Proactively identify security improvements and harden our cloud infrastructure
• Build and manage cloud security tooling (e.g. threat detection/hunting, network, and web application firewalls, CSPM)
• Consult on architecture and provide code review of security-sensitive projects across the organization
• Chart a technical path toward advanced compliance certifications (e.g. ISO27001, PCI, HITRUST, FedRAMP)
• Support our product team by listening to customer feedback and designing customer-facing security controls (e.g. network access controls, private networking connectivity, customer-managed encryption keys)
• Collaborate with our operations team to author security-relevant policies

Bonus Points:

• Familiar with compliance standards (e.g. SOC 2, NIST, PCI DSS)
• Familiar with privacy standards (e.g. GDPR, CCPA, HIPAA)
• Familiar with cloud-native databases
• Experience with Kubernetes and containerized workloads
• Experience programming in Rust
• Experience in small to mid-startups
• Experience with Azure or GCP
• Regularly sleep with a tin foil hat

Salary: $200,000 - 230,000/year + Equity