Mondoo is creating a new way that helps companies keep their users and data safe from hackers around the world. We believe that a great user experience and visual design will help our users to love and enjoy our product and make it easier to take action against attackers.
Your impact
You will have a direct impact on the Mondoo Platform including our policy engine, resources, scale, and multi-region functionality. You will be helping teams to assess, scope, prioritize, triage and remediate security findings.
Key responsibilities
We're seeking a skilled Security Policy Engineer to join our dynamic team. In this role, you'll be responsible for translating complex security requirements into code, implementing and maintaining security policies across our infrastructure, and collaborating with various teams to ensure our systems meet the highest security standards. You'll play a crucial role in our "policy as code" approach, helping to automate and scale our security practices.
Translate security requirements and compliance standards into executable code and policies
Develop, implement, and maintain security policies using policy as code frameworks (MQL)
Collaborate with security, development, and operations teams to integrate security policies into CI/CD pipelines
Design and implement automated security checks and controls across cloud environments (AWS, Azure, GCP), Kubernetes and operating systems
Contribute to the development of internal security tools and libraries
Participate actively in our RFC (Request for Comments) process for security architecture and policy decisions
Conduct security assessments and audits to ensure compliance with internal policies and external regulations
Optimize existing security policies for performance and scalability
Stay up-to-date with emerging security threats, compliance requirements, and best practices in policy as code
Troubleshoot and resolve security policy implementation issues
Provide guidance and training to other teams on security policy implementation and best practices
Contribute to the continuous improvement of our security posture and processes
Required qualifications
Bachelor's degree in Computer Science, Cybersecurity, or related field
3+ years of experience in security engineering or policy implementation
Strong programming skills in at least one language (e.g., Go, Python, Java)
Experience with policy as code frameworks (e.g. Open Policy Agent, HashiCorp Sentinel)
Proficiency in writing and maintaining infrastructure as code (e.g., Terraform, CloudFormation)
Solid understanding of cloud security principles and best practices
Strong knowledge of at least one major cloud platform (AWS, Azure, or GCP) and its security features
Extensive experience with Linux and Windows operating systems
In-depth understanding of TCP/IP networking protocols and concepts
Experience with container technologies and orchestration (e.g., Docker, Kubernetes)
Familiarity with common compliance standards (e.g., CIS, SOC 2, ISO 27001, HIPAA)
Experience with version control systems (preferably Git)
Excellent problem-solving and analytical skills
Strong written and communication skills with proven fluency in English
Ability to articulate complex security and IT concepts to both technical and non-technical audiences
Preferred qualifications
Master's degree in Cybersecurity or related field
Relevant security certifications (e.g., OSCP, CISSP, CCSP, CSPM)
Cloud-specific certifications (e.g., AWS Certified Security - Specialty, Azure Security Engineer, Google Professional Cloud Security Engineer)
Experience with multiple cloud platforms (AWS, Azure, GCP)
Familiarity with cloud-native security tools and services
Experience with SIEM tools and log analysis in diverse IT environments
Knowledge of compliance frameworks for both cloud and on-premises infrastructures
Familiarity with threat modeling and risk assessment methodologies for various IT architectures
Knowledge of cryptography principles and implementations across different platforms
Experience with security automation and orchestration tools in heterogeneous environments
Contributions to open-source security projects or tools
Previous experience participating in or leading RFC processes for complex security architectures
Application Process
As part of your application, please share links to your GitHub/GitLab repositories or a portfolio of projects that demonstrate your experience with security policy implementation, policy as code, and relevant cloud security tools. We're particularly interested in seeing examples that showcase your ability to translate complex security requirements into executable code for cloud environments.
If you're passionate about enhancing cloud security through code, implementing scalable and automated security policies across cloud platforms, participating in collaborative security design processes, and staying at the forefront of cloud security best practices, we'd love to hear from you!
#J-18808-Ljbffr