Job Specifications
At Braze, we have found our people. We’re a genuinely approachable, exceptionally kind, and intensely passionate crew.
We seek to ignite that passion by setting high standards, championing teamwork, and creating work-life harmony as we collectively navigate rapid growth on a global scale while striving for greater equity and opportunity – inside and outside our organization.
To flourish here, you must be prepared to set a high bar for yourself and those around you. There is always a way to contribute: Acting with autonomy, having accountability and being open to new perspectives are essential to our continued success.
Our deep curiosity to learn and our eagerness to share diverse passions with others gives us balance and injects a one-of-a-kind vibrancy into our culture.
If you are driven to solve exhilarating challenges and have a bias toward action in the face of change, you will be empowered to make a real impact here, with a sharp and passionate team at your back. If Braze sounds like a place where you can thrive, we can’t wait to meet you.
What You'll Do
Braze is seeking a Senior Cloud Security Engineer to join our existing Security Engineering function. Braze is a modern, cloud-first SaaS company operating entirely on cloud-native infrastructure with large-scale, distributed systems across AWS, GCP, and self-managed Kubernetes environments. We are looking for an engineer with deep cloud security expertise who can partner with DevOps, Infrastructure, and Product Engineering teams to strengthen our cloud posture, secure our platforms, and help drive the future of Cloud Security at Braze.
As a Senior Cloud Security Engineer at Braze, you will work on a diverse set of initiatives, including:
Working closely with Infrastructure, SRE, and Product Engineering to design secure cloud architectures and develop practical, scalable security controls for new and existing services
Implementing and improving end-to-end cloud security controls across AWS, GCP, Kubernetes, CI/CD pipelines, and self-managed systems
Leading and improving our existing vulnerability management workflow for cloud assets, including scanning, triage, prioritization, and remediation with tools like Tenable and native CSP capabilities
Managing and optimizing security tooling such as CrowdStrike (EDR/CSPM/IR), cloud-native security services, and SIEM detection rules (with the help of our existing SIEM Management function)
Performing threat modeling for new cloud technologies and patterns adopted across engineering
Contributing directly to incident response, cloud forensics, and run-time security investigations
Securing and supporting Infrastructure-as-Code deployments, with ownership over the design and hardening of IaC and CI/CD automation pipelines
Developing automation using Python and SOAR platforms to improve detection, response, and remediation workflows
Enhancing cloud logging, alerting, monitoring, and operational visibility across AWS and GCP
Continually assessing cloud security posture and identifying opportunities to reduce risk, harden environments, and adopt best-in-class cloud security practices
WHO YOU ARE
You are someone who can translate complex cloud attack paths, IAM misconfigurations, and multi-step threat scenarios into clear guidance for engineers and product teams. You bring deep hands-on experience securing large-scale cloud platforms—especially AWS - and understand how to balance strong security controls with operational realities. You stay current with cloud security trends, tools, standards, and threat landscapes, and you have a track record of improving real-world cloud security in production environments.
A Good Candidate Will Have
5+ years of experience working in Cloud Security, Infrastructure Security, or DevSecOps in a product-focused company
Demonstrable, expert level skills in modern enterprise networking
Expert-level knowledge of AWS security, including IAM, control plane security, network controls, logging, monitoring, and cloud-native security services
Strong understanding of GCP security, with Azure familiarity as a plus
Significant experience with self-managed Kubernetes/K8’s
Hands-on experience with CrowdStrike, Tenable, and native cloud CSPM/CWPP tooling
Proven track record as an incident responder in cloud environments
Strong understanding of run-time security, CSPM concepts, cloud forensics, and vulnerability management workflows
Deep operational experience with IAM, RBAC, and integrations with external identity providers
Experience securing CI/CD pipelines and Infrastructure-as-Code (Terraform preferred)
Strong Python skills for automation and SOAR workflows
Knowledge of securing distributed systems, including experience with self-managed databases such as MongoDB
Familiarity with common security frameworks and regulations (SOC 2, ISO 27001, NIST), and understanding how they apply to cloud environments
Ability to articulate risk clearly and provide actionable mitigation strategies to engi