Envoy
Member of Technical Staff, Security/DevSecOpsSan Francisco, California, United S
Envoy, San Francisco, California, United States, 94102
Member Of Technical Staff, Security/DevSecOps
Envoy's engineering organization is scaling rapidly in the cloud. We are looking for an experienced Cloud Security / DevSecOps Engineer to harden our AWS environments, embed security into our CI/CD pipelines, and champion secure-by-default infrastructure practices. We are looking for exceptional engineers to join our growing team at Envoy. We love to drive innovation in the workplace through hack projects. If you're looking to challenge the status quo and build the Office OS. Come join us. This onsite position requires 4 days a week (Monday-Thursday) in our San Francisco HQ office. You Will
Design, implement, and continuously improve security controls in AWS, including IAM policies, VPC network segmentation, Security Groups, and secure service configuration (e.g., S3, RDS, Lambda). Own WAF management (Cloudflare WAF)
authoring rules, tuning managed rulesets, and monitoring attacks. Integrate automated security guardrails into CI/CD pipelines (GitHub Actions) for IaC, container images, and serverless deployments. Implement and enforce Infrastructure-as-Code (IaC) security scanning using tools such as tfsec, Trivy, Checkov, or Terrascan, with gating for critical findings. Lead container and orchestration security for Docker and Kubernetes/EKS, including image scanning, admission controls, runtime monitoring (Falco), and benchmark enforcement (kube-bench). Establish and operate secrets-management best practices using tools like HashiCorp Vault, AWS Secrets Manager, or SOPS, ensuring least-privilege access. Deploy, tune, and maintain AWS security services
GuardDuty, Security Hub, Config, CloudTrail, IAM Access Analyzer
for continuous detection and compliance. Conduct cloud threat modeling and risk assessments (STRIDE, AWS Well-Architected Framework) to identify gaps and prioritize mitigations. Automate security compliance reporting against frameworks such as CIS Benchmarks and NIST 800-53 using IaC and policy-as-code (e.g., Open Policy Agent). Collaborate with infrastructure and product engineering teams to embed security early and unblock delivery velocity. You Are
Autonomous and highly organized, thriving in a fast-moving environment. Passionate about enabling secure cloud engineering without blocking developer velocity. Intellectually curious, always experimenting with new cloud security tooling and best practices. A clear, concise communicator who can translate complex security topics for diverse stakeholders. You Have
Hands-on expertise securing AWS workloads, multi-account architectures, and VPC design. Deep knowledge of IAM policy design, role-based access control, and least-privilege enforcement. Proficiency with Terraform or CloudFormation and experience implementing IaC security scans in CI/CD. Demonstrated experience managing WAF solutions and mitigating web-layer attacks (OWASP Top 10, bot mitigation). Experience hardening container images and Kubernetes/EKS clusters, plus familiarity with container runtime security. Strong scripting skills in Python, Go, or similar for automation and tooling integration. Experience performing cloud security risk assessments and threat modeling for new services. Familiarity with AWS security tooling (GuardDuty, Config, Security Hub, Macie, Access Analyzer). Excellent written and verbal communication skills and the ability to educate engineers on secure practices. You'll Get
A high degree of trust in your ideas and execution An opportunity to partner and collaborate with other talented people An inclusive community where you feel welcomed and cared for as a person The ability to make an immediate impact helping customers create a great workplace experience Support for your personal and professional growth This application will only be open for two weeks! Don't miss your chanceapply now before the deadline closes! Compensation Description
Envoy's compensation package includes a market-competitive salary, equity for all full-time roles, and great benefits. If you are located in the San Francisco/Bay Area, our expected cash compensation for this role is $190K-$205K (Annually). Final offers may vary within the range provided based on experience, expertise, and other factors. If you have any questions related to compensation, please contact Recruiting after you apply.
Envoy's engineering organization is scaling rapidly in the cloud. We are looking for an experienced Cloud Security / DevSecOps Engineer to harden our AWS environments, embed security into our CI/CD pipelines, and champion secure-by-default infrastructure practices. We are looking for exceptional engineers to join our growing team at Envoy. We love to drive innovation in the workplace through hack projects. If you're looking to challenge the status quo and build the Office OS. Come join us. This onsite position requires 4 days a week (Monday-Thursday) in our San Francisco HQ office. You Will
Design, implement, and continuously improve security controls in AWS, including IAM policies, VPC network segmentation, Security Groups, and secure service configuration (e.g., S3, RDS, Lambda). Own WAF management (Cloudflare WAF)
authoring rules, tuning managed rulesets, and monitoring attacks. Integrate automated security guardrails into CI/CD pipelines (GitHub Actions) for IaC, container images, and serverless deployments. Implement and enforce Infrastructure-as-Code (IaC) security scanning using tools such as tfsec, Trivy, Checkov, or Terrascan, with gating for critical findings. Lead container and orchestration security for Docker and Kubernetes/EKS, including image scanning, admission controls, runtime monitoring (Falco), and benchmark enforcement (kube-bench). Establish and operate secrets-management best practices using tools like HashiCorp Vault, AWS Secrets Manager, or SOPS, ensuring least-privilege access. Deploy, tune, and maintain AWS security services
GuardDuty, Security Hub, Config, CloudTrail, IAM Access Analyzer
for continuous detection and compliance. Conduct cloud threat modeling and risk assessments (STRIDE, AWS Well-Architected Framework) to identify gaps and prioritize mitigations. Automate security compliance reporting against frameworks such as CIS Benchmarks and NIST 800-53 using IaC and policy-as-code (e.g., Open Policy Agent). Collaborate with infrastructure and product engineering teams to embed security early and unblock delivery velocity. You Are
Autonomous and highly organized, thriving in a fast-moving environment. Passionate about enabling secure cloud engineering without blocking developer velocity. Intellectually curious, always experimenting with new cloud security tooling and best practices. A clear, concise communicator who can translate complex security topics for diverse stakeholders. You Have
Hands-on expertise securing AWS workloads, multi-account architectures, and VPC design. Deep knowledge of IAM policy design, role-based access control, and least-privilege enforcement. Proficiency with Terraform or CloudFormation and experience implementing IaC security scans in CI/CD. Demonstrated experience managing WAF solutions and mitigating web-layer attacks (OWASP Top 10, bot mitigation). Experience hardening container images and Kubernetes/EKS clusters, plus familiarity with container runtime security. Strong scripting skills in Python, Go, or similar for automation and tooling integration. Experience performing cloud security risk assessments and threat modeling for new services. Familiarity with AWS security tooling (GuardDuty, Config, Security Hub, Macie, Access Analyzer). Excellent written and verbal communication skills and the ability to educate engineers on secure practices. You'll Get
A high degree of trust in your ideas and execution An opportunity to partner and collaborate with other talented people An inclusive community where you feel welcomed and cared for as a person The ability to make an immediate impact helping customers create a great workplace experience Support for your personal and professional growth This application will only be open for two weeks! Don't miss your chanceapply now before the deadline closes! Compensation Description
Envoy's compensation package includes a market-competitive salary, equity for all full-time roles, and great benefits. If you are located in the San Francisco/Bay Area, our expected cash compensation for this role is $190K-$205K (Annually). Final offers may vary within the range provided based on experience, expertise, and other factors. If you have any questions related to compensation, please contact Recruiting after you apply.