Staff Cloud Security Engineer

We're looking for problem solvers, innovators, and dreamers who are searching for anything but business as usual. Like us, you're a high performer who's an expert at your craft, constantly challenging the status quo. You value inclusivity and want to join a culture that empowers you to show up as your authentic self. You know that success hinges on commitment, that our differences make us stronger, and that the finish line is always sweeter when the whole team crosses together.

We are seeking a highly skilled
Cloud Security Staff Engineer
to lead the design, implementation, and continuous improvement of our cloud security posture across
AWS, GCP, and Azure
. The ideal candidate will have deep expertise in
Zero Trust architecture, least privilege models, Kubernetes security, cloud security architecture, and threat modeling
, along with hands-on experience in
Terraform, scripting, and automation
. This role will also support our
DevSecOps initiatives
by embedding security into CI/CD pipelines and reviewing new cloud services and containerized workloads for security risks.

Key Responsibilities

• Cloud & Kubernetes Security Architecture

• Design and implement security architectures for multi-cloud environments (AWS, GCP, Azure) based on Zero Trust and least privilege principles.

• Build and enforce security controls for Kubernetes clusters (EKS, GKE, AKS) covering RBAC, network policies, runtime security, and secrets management.
• Perform architecture and design reviews of new cloud services and containerized workloads.

• Lead cloud and container threat modeling exercises to identify and mitigate risks early in the design phase.

• Security Governance & Risk Management

• Define and implement policies, standards, and guidelines for secure cloud and container operations.

• Partner with platform teams to integrate security-as-code using Terraform and CI/CD pipelines.

• Continuously assess cloud and Kubernetes environments for misconfigurations, vulnerabilities, and compliance gaps.

• Automation & Tooling

• Develop automation for cloud and Kubernetes security monitoring, vulnerability management, and compliance enforcement.

• Evaluate and integrate new cloud-native and container-native security tools (e.g., Falco, Trivy, Aqua, Prisma Cloud).

• DevSecOps & Secure SDLC Support

• Embed security into CI/CD pipelines with automated scanning for infrastructure, container images, and application code.

• Support secure image building, signing, and deployment practices.

• Mentor teams on secure cloud-native development and operations.

• Cross-Functional Collaboration & Leadership

• Serve as a subject matter expert (SME) for cloud and Kubernetes security across the organization.

• Influence strategic security initiatives and provide technical guidance to engineering teams.

Required Qualifications

• 8+ years of experience in Information Security, with 5+ years in cloud security architecture.
• Expertise in AWS, GCP, and Azure security features, controls, and best practices.
• Proven experience with Kubernetes security (RBAC, network policies, admission controllers, runtime security).
• Strong background in Zero Trust architectures, least privilege models, and threat modeling.
• Proficiency in Terraform and scripting languages (Python, Bash, PowerShell, etc.).
• Experience with IAM, network security, encryption, and key management.
• Familiarity with DevSecOps, secure CI/CD pipelines, and container image security.
• Excellent problem-solving, communication, and collaboration skills.

Preferred Qualifications

• Relevant certifications (e.g., CCSP, CISSP, AWS Security Specialty, GCP Professional Cloud Security Engineer, Azure Security Engineer Associate).
• Experience with container security (Kubernetes, Docker) and cloud-native security platforms.
• Good to have knowledge of compliance frameworks (ISO 27001, SOC 2, PCI-DSS, etc.).

Find yourself checking a lot of these boxes but doubting whether you should apply? At Alteryx, we support a growth mindset for our associates through all stages of their careers. If you meet some of the requirements and you share our values, we encourage you to apply. As part of our ongoing commitment to a diverse, equitable, and inclusive workplace, we're invested in building teams with a wide variety of backgrounds, identities, and experiences.

This position involves access to software/technology that is subject to U.S. export controls. Any job offer made will be contingent upon the applicant's capacity to serve in compliance with U.S. export controls.