Cloud Security Engineer

We're looking for a Cloud Security Engineer to join our team. As a Cloud Security Engineer at Starling, you'll be building and supporting tooling and infrastructure that spans across AWS and GCP supporting our internal operations and interfacing with other teams to deliver the services that support our business.

Key Responsibilities:

• Engineer Secure Foundations: You will lead the design and implementation of critical security services, with a heavy focus on building robust Identity and Access Management (IAM) systems and automated, API-driven certificate management workflows.
• Security-as-Code & Scalability: Leveraging a software-first philosophy, you will develop and maintain high-quality, scalable security tooling and middleware within ECS and Kubernetes environments, ensuring security logic is integrated directly into the deployment pipeline.
• Collaborative Code Ownership: You will serve as a technical authority in cross-functional code reviews, acting as an engineering peer who helps teams bake security into their services from the first line of code to the final pull request.
• Proactive System Hardening: You will stay ahead of the evolving threat landscape by treating security as a continuous engineering challenge,proactively identifying vulnerabilities and architecting technical solutions to fortify our global ecosystem.

Professional Requirements:

• Demonstrated ability to architect secure, distributed systems with a focus on programmatic IAM and automated, API-driven PKI management.
• Extensive experience with Infrastructure as Code (IaC) in Terraform and a deep commitment to writing clean, maintainable, and production-grade code,ideally in Golang.
• A test-first mentality toward security, with experience building unit and integration tests into CI/CD pipelines to ensure that security guardrails are as reliable as the features they protect.
• A strong conceptual grasp of cryptographic primitives and hands-on experience securing containerized workloads and service meshes within ECS and Kubernetes.
• A track record of taking end-to-end ownership of complex technical projects, from initial design docs and RFCs through to deployment and observability.
• A belief that if it isn't tested, it's broken, and a drive to proactively identify and fix vulnerabilities by treating security as a continuous engineering challenge.

Our Team Philosophy: The Security Engineering team is a diverse and dynamic group passionate about building secure and resilient systems. We're enthusiastic about security, but we're not about rigid, one-size-fits-all controls. We believe in striking a balance between protecting our systems and empowering our developers to build and innovate.