Note: The job is a remote job and is open to candidates in USA. Temporal Technologies is an open source programming model company that is on a mission to simplify code and improve the reliability of applications. They are seeking a Staff Cloud Security Engineer to secure their cloud environment by collaborating with teams to integrate security into their platform and managing cloud security posture.
Responsibilities
- Collaborate with product and engineering teams to integrate security principles into the design and architecture of cloud infrastructure across multiple clouds (AWS, GCP, Azure, and others)
- Secure Temporal's core platform components, including the workflow engine, task queue architecture, and worker execution model - identifying attack surfaces unique to durable, stateful distributed systems
- Conduct threat modeling and risk assessments to identify vulnerabilities and potential attack vectors across our multi-cloud environment, with particular focus on workflow execution, task queue integrity, and client-server trust boundaries
- Secure Temporal's gRPC-based communication layer, including mTLS certificate management, service mesh configuration, and API authentication
- Manage cloud security posture using tools such as Wiz, including misconfiguration detection, compliance monitoring, and remediation across all three cloud providers
- Stay current on emerging cloud security standards and guidance (e.g. CSA Cloud Controls Matrix, CIS Benchmarks) and translate these into actionable internal policy
- Able to participate in on-call rotation
Skills
- Bachelor's degree in Computer Science, Cybersecurity, or a related field (or equivalent experience)
- 5+ years in cloud security or a related role
- Proven partnership with engineering teams, bringing security expertise to infrastructure access and security posture
- Kubernetes security posture management and auditing, including workload hardening, RBAC design, and admission control
- Demonstrated experience with multi-tenant security architecture, including data plane isolation, control plane hardening, and cross-tenant data leakage prevention
- Strong opinions on the use of AI in different areas (assessments, threat models, penetration testing, etc)
- A deep understanding of application architecture and design principles, ability to effectively identify vulnerabilities across multiple programming languages
- Experience with secrets management at scale (e.g. HashiCorp Vault, AWS Secrets Manager) and payload encryption patterns such as codec servers for protecting sensitive workflow data
- Proficiency in Go; familiarity with Python. Go is Temporal's primary server and SDK language
- Strong command of gRPC security, mTLS, and service mesh architectures (Istio, Envoy)
- Excellent communication and ability to explain complex security concepts to non-technical stakeholders
- Excellent collaboration and communication skills
- Prior experience with Temporal, Cadence, or similar workflow orchestration platforms and an understanding of workflow history, replay semantics, and scheduling internals
- FedRAMP, SOC 2 Type II, or ISO 27001 experience, particularly in the context of cloud-native SaaS
- Open Source automation or automation projects
- Expertise in other areas of security (AppSec, CorpSec, GRC)
- Security conference talks or published research
Benefits
- Unlimited PTO, 12 Holidays + 2 Floating Holidays
- 100% Premiums Coverage for Medical, Dental, and Vision
- AD&D, LT & ST Disability, and Life Insurance (Standard & Supplemental Available)
- Empower 401K Plan
- Additional Perks for Learning & Development, Lifestyle Spending, In-Home Office Setup, Professional Memberships, WFH Meals, Internet Stipend and more!
- Paid Time Off (PTO) and Benefits outside the United States vary by country, and are issued in partnership with Remote.com.
- Perks to all international employees for learning & career development, a lifestyle spending account, in-home office setup (in addition to company-issued hardware), professional memberships, work-from-home meals, and access to the Calm app for mental wellness.
- Occasional travel may be required for company events, team offsites, and other meaningful moments that bring us together.
- $3,600 / Year Work from Home Meals
- $1,800 / Year Professional Enrichment (Career Development & Professional Memberships)
- $1,200 / Year Lifestyle Spending Account
- $1,000 / Year In-Home Office Setup (In addition to Temporal issued equipment - laptop, monitor, keyboard, mouse, trackpad, and extension power cable at no cost to you)
- $74 / Month Reimbursement for Internet
- Calm App Subscription for Mental Health & Wellness
Company Overview
Company H1B Sponsorship