Senior Enterprise Application Security Engineer

### Who you are
- Experience: 5+ years of experience in Cloud Security, DevSecOps, or Infrastructure Engineering, with at least 3 years focused on public cloud (AWS, Azure, and GCP)
- Technical Mastery: Deep hands-on expertise with Terraform, Kubernetes, and Linux environments
- Coding/Scripting: Proficiency in Python, Go, or Bash for automating security tasks and building custom tooling
- Security Tooling: Experience implementing and tuning CSPM/CNAPP tools (e.g., Wiz, Prisma Cloud, Orca, Sysdig) and SIEM platforms (Tenex, Splunk, Datadog Security)
- Frameworks: Working knowledge of NIST CSF, NIST 800-53, or FedRAMP requirements
- Aerospace/Defense Experience: Familiarity with DO-326A (Airworthiness Security), ITAR regulations, or safety-critical systems
- Certifications: AWS Certified Security – Specialty, Azure Security Engineer (AZ-500), CKA (Certified Kubernetes Administrator), and CISSP, CISM
- Architecture: Experience designing "Zero Trust" networks and implementing Service Mesh (e.g., Istio, Linkerd) security
- Offensive Security: Experience conducting cloud penetration tests or "Purple Team" exercises to validate defenses

### What the job involves
- We are looking for a top-tier Enterprise Cloud Security Engineer to design and secure the cloud infrastructure supporting the next phase of sustainable air mobility
- You are a collaborative, hands-on professional with excellent communication skills and the ability to see the big picture
- In this role, you will be responsible for securing our cloud-native environments (AWS/Azure) and ensuring that our telemetry, flight operations, and enterprise systems are protected against advanced persistent threats
- You will connect DevOps and Security by incorporating "secure-by-design" principles into our Infrastructure as Code (IaC) and CI/CD pipelines, while ensuring compliance with aviation and federal standards (NIST CSF, 800-53, FedRAMP, DO-326A)
- Cloud Architecture & Hardening: Design, implement, and maintain secure cloud architectures across AWS and Azure. Enforce zero-trust principles and least-privilege access using advanced IAM policies and roles
- Infrastructure as Code (IaC) Security: Lead the security review and automated scanning of IaC templates (Terraform, CloudFormation, Helm). Prevent misconfigurations before they reach production
- DevSecOps & Automation: Integrate security tooling (CSPM, CWPP, Secret Scanning) directly into CI/CD pipelines (Jenkins, GitLab, GitHub Actions) to enable rapid, secure deployment
- Kubernetes & Container Security: Secure containerized workloads and orchestration platforms (EKS/AKS), ensuring runtime protection, image scanning, and network segmentation
- Compliance & Governance: Map cloud security controls to industry frameworks, including NIST SP 800-53, ISO 27001, and aviation-specific standards like DO-326A—Automate evidence collection for audits
- Threat Detection & Incident Response: Build high-fidelity detection rules for cloud threats using SIEM/SOAR platforms. Lead investigations into cloud security incidents and perform forensics on ephemeral workloads
- Telemetry & Data Protection: safeguard critical flight telemetry and sensitive data pipelines through robust encryption, key management (KMS/HSM), and data loss prevention (DLP) strategies