Senior Cloud & Application Security Engineer

About the Team

Our customers entrust us with some of their most sensitive and personal financial information, and it is the ultimate mission of Valon’s Security team to ensure we have sound programs, processes, and automation in place to safeguard our customers’ data. The Security team protects the infrastructure and data for processing billions of dollars of mortgage loans. We work cross-functionally with product, engineering, IT, legal, and more to enable security throughout the organization. We engage with external security auditors, pentesting firms, and partners to continuously evaluate Valon’s security posture.

About the Role

We are seeking an experienced and skilled Senior Security Engineer (Cloud Platform and Application Security) to join our growing team! As a key security member at Valon, you will play a critical role in ensuring the security of our organization's systems, cloud infrastructure, products and data. This position requires a deep understanding of security technologies, cloud platform and application security, secure SDLC practices, security risk and controls, and the ability to collaborate with cross-functional teams to ensure we protect our most critical assets to uphold trust with our customers and stakeholders.

Responsibilities

• Cloud Security Design and Implementation: Develop and implement security architectures for cloud platforms (e.g., Google Cloud, AWS) that ensure the confidentiality, integrity, and availability of our cloud resources
• Application Security: Conduct security assessments, support code reviews, and vulnerability scanning to identify and mitigate risks in applications. Collaborate with engineering teams to integrate DevSecOps practices into the Software Development Life Cycle (SDLC)
• Conduct in-depth analysis of security events, incidents, and vulnerabilities to identify root causes and recommend corrective actions
• Manage and optimize security tools such as CSPM, CIEM, CDR, DSPM, SAST/DAST, SCA and/or related technologies
• Assist in vulnerability assessments and penetration testing activities including remediating security issues
• Collaborate with other teams to ensure the effective integration of security controls across the organization including infrastructure and applications
• Develop, implement, and enforce security policies, standards, and procedures 
• Maintain accurate and up-to-date documentation of security processes, procedures, and configurations
• Develop security metrics and reporting for management review
• Support operational activities including security advisory and design, vendor security reviews, issue remediation, security awareness and training, and other processes
• Support audit and compliance activities for various security domains

Ideal Background

• Proven experience in a security engineer or related role, with a focus on cloud platform and infrastructure security, application/product security, detection and response, and/or vulnerability management.
• In-depth knowledge and implementation of platform and application security technologies, including CSPM, CIEM, CDR, DSPM, SAST/DAST, SCA and/or related vulnerability and security management tools.
• Strong understanding of application development, code reviews, networking protocols, configuration management, infrastructure security or related domains
• Experience with cloud security and environments (strong GCP experience is preferred)
• Ability to work autonomously and navigate complex efforts including driving multiple projects
• Ability to foster strong relationships and partner with stakeholders to drive results
• Excellent communication and collaboration skills, with the ability to explain complex security concepts to technical and non-technical stakeholders
• Knowledge of security and compliance frameworks and requirements (OWASP, SOC 2, NIST, ISO, CIS, etc.)
• Experience or exposure to startup environments is a plus

Minimum Qualifications

• Minimum of 5 years as a technical security engineer with relevant responsibilities and background
• Bachelor's degree in Computer Science, Information Security, Technology, or a related field
• Relevant security certifications (e.g., CISSP, CISM, CCSK, CCSP).  Google Cloud Security Engineer or related certificates are a plus.
• Strong knowledge of cloud environments
• Experience with security technologies (specifically cloud platform and application security tools above)

Benefits

• Base salary band: $170,000 - $200,000
• Compensation: competitive salary with a meaningful stake in the company via equity, and 401k plan 
• Health & well-being: we’ll invest in your physical and mental well-being with comprehensive medical, dental, & vision benefits
• Food & meals: in-office snacks and drinks, and a $400 monthly stipend towards your lunches or groceries 
• Commuter benefits: We offer pre-tax deductions for public transportation, rideshare services, and parking expenses to make your commute more affordable and convenient.
• Grow together: Company wide orientation for you to successfully onboard and other learning & development opportunities including regular review cycles that feature 360 degree feedback
• Play together: quarterly budgets for team and company outings. Use it for team swag, cooking classes, or team dinners!
• Generous time off: flexible paid time off, sick days, and 11 company holidays 
• Baby bonding time!: 12 weeks off for both birthing and non-birthing parents - fully paid so you can focus your energy on your newest addition