Staff Cloud Security Engineer

About the role 🎉
We are looking for an experienced Cloud Security Engineer who is eager to design and implement industry-leading security practices at a growing cloud-based SaaS company. You’ll be security hire #1, with a mission to ensure that Runway’s environment and customer content remain secure in the cloud.
You will collaborate across multiple teams including engineering, research, and product and across multiple themes including infrastructure security, security operations and training, and incident response. We’re looking for someone that has deep technical expertise and who is driven to set the security standard at a fast-paced, growing startup. As the first hire on a one-person security team, this role will feature high levels of ownership and growth potential.
What you’ll do 🎨

 
Own security at Runway
 
Identify and communicate security risks to all relevant stakeholders. Lead the charge in protecting against these risks
 
Lead incident detection and response for security incidents at the company
 
Expand on and re-define the current security posture at Runway

What you’ll need 💻

 
Strong experience working with and securing AWS cloud environments, including IAM, EKS, EC2, Lambda, S3, RDS, ECR, CloudTrail, GuardDuty, AWS Config, etc.
 
Extensive experience in security operations and threat detection in the cloud before they cause material damage to the business. In the event an alert is identified as a security incident, you will kick off Incident Response.
 
Strong experience in security automation and tool development to secure our cloud.
 
Advocate for and experience with Infrastructure as Code (IaC) practices including Terraform, CloudFormation, GitOps, environment isolation, etc.
 
Experience with Docker containers and Kubernetes security practices such as container hardening, pod-security policies, network security policies, etc.
 
Experience implementing and facilitating strong role-based access control (RBAC) policies across an organization.
 
Experience with risk assessment and prioritization, including maintaining a risk register and regularly using it to prioritize and define new work.
 
Experience in one or more programming languages (Python, Node.js, etc.) and shell scripting.
 
Scrappiness. At a company of our size, sprints are short and quick iteration is key to our success, especially with an external environment that poses many threats and an internal environment with limited human resources.