Senior Application Security Engineer

About the Role:
CloudZero is seeking our first Senior Application Security Engineer. In this pivotal role, you will shape the security framework of our market-leading cloud cost intelligence platform, addressing some of the most critical challenges cloud-driven businesses face today. You will establish and champion best-in-class security practices, ensuring our platform remains resilient and our customers’ sensitive data is always safeguarded.
Collaborating closely with our engineering teams, you will design and implement secure development processes, identify and address vulnerabilities, and foster a security-first mindset throughout our product lifecycle. This is a unique opportunity to make a foundational impact on the security of an innovative, fast-growing company by building scalable, proactive solutions that protect both our platform and the customers who trust us.

Responsibilities:

• Develop and Lead Security Programs:
• Build and lead our application security program, aligning security initiatives with business and engineering priorities.
• Champion and drive a Security Champions Program to empower developers and cultivate a security-first culture across the organization.
• Integrate Security into Development:
• Promote and implement processes that make security a shared responsibility, integrating it seamlessly into our development lifecycle.
• Equip developers with the tools and guidance to make secure choices easy, scalable, and effective.
• Collaborate Across Teams:
• Partner with Engineering and the broader Security organization to embed security into development and deployment processes.
• Work closely with Engineering and SecOps teams to secure our AWS-based infrastructure, ensuring adherence to best practices for identity management, logging, and secure configurations.
• Collaborate with Security and Operations teams to align on broader security initiatives and enhance overall resilience.
• Security Assessments and Risk Mitigation:
• Conduct security assessments, code reviews, threat modeling, and penetration testing to identify and mitigate risks early.
• Manage and optimize application security tooling, including static (SAST) and dynamic (DAST) analysis tools and CI/CD integrations.
• Automation and Innovation:
• Explore and implement security automation to improve efficiency and coverage, utilizing your Python expertise to build scalable tools and workflows.
• Stay ahead of emerging threats, trends, and technologies to keep our applications, APIs, and cloud environments secure.
• Incident Response:
• Participate in our incident response team on-call rotation to address and resolve security incidents promptly.

• 3-5+ years of Python experience.
• 3-5+ years of AWS, GCP, and Azure experience.
• Strong foundation in application security.
• Proven expertise with application security testing tools, such as Burp Suite.
• Strong understanding of OWASP Top 10.
• Experience conducting penetration tests, including manual testing, to uncover business logic flaws, API vulnerabilities, and complex attack vectors.
• Familiarity with SCA tools (e.g., Snyk, Dependency-Check) to manage open-source security risks.
• Hands-on experience securing AWS environments, including services like Lambda, IAM, GuardDuty, Security Hub, and WAF.
• Knowledge and experience securing CI/CD pipelines.
• Strong understanding of secure coding practices, vulnerability management, and compliance frameworks (e.g., SOC 2, ISO 27001).
• Familiarity with threat modeling frameworks and experience applying them to real-world applications.
• Exceptional communication skills, with the ability to explain technical concepts to developers, executives, and non-technical stakeholders.
• A proactive mindset with a passion for enabling developers to adopt secure practices without friction.
• Ability to participate in our incident response team on-call rotation.
  

About CloudZero
Cloud cost management is one of the biggest challenges organizations face today. As cloud adoption continues to accelerate, so do the complexities and costs associated with it — and macroeconomic conditions only increase pressure to prove cloud efficiency. That’s why we built CloudZero: a SaaS platform at the intersection of next-generation cloud cost management and FinOps. CloudZero ingests billing and usage data from all cloud, SaaS, and PaaS providers, organizes it in real time according to our customers’ business structures, lets customers view it at any level of time or resource granularity, and ultimately empowers them to make more informed business decisions.

Since our founding in 2016, our mission has been to make efficient innovation a reality for every cloud-driven organization. At CloudZero, we believe every engineering decision is a buying decision, yet the cost conversation often bypasses the engineers who drive those determinations. To solve this, we’ve built a dynamic, single-page application that answers the complex, data-heavy questions every cloud-based organization needs to ask if they want to grow their company profitably.

To date, we’ve raised over $52 million from leading venture capital firms across the country. We’re solving problems of massive scale, business importance, and complexity in a space that needs it more than ever. We’re growing rapidly and would love for you to be a part of it!

Equal Opportunity Employer

CloudZero is an equal opportunity employer and values diversity. We do not discriminate on the basis of race, religion, color, national origin, sex, gender, gender expression, sexual orientation, age, marital status, veteran status or disability status. All job offers are contingent upon the candidate passing background and reference checks.

**Applicants must be authorized to work for ANY employer in the United States. We are unable to sponsor or take over sponsorship of an employment Visa at this time.**