

Senior Cloud Security Engineer



Other Engineering
United States · Remote
Posted on Tuesday, September 12, 2023
Join us on the tech team of an extremely fast-growing, technology-driven startup that's making effective skincare accessible to everyone.
Curology is a technology company building the future of skincare through personalized prescription treatment. We believe that dermatology should be accessible to everyone—great skin shouldn't be a luxury, but a fact of life. To make this possible, we're building tech to power an entire in-house medical ecosystem, covering everything from medical care to provider licensing and pharmacy fulfillment operations.
Join our rapidly growing Platform team with exciting projects that enable our engineers to build services that make affordable and effective skincare accessible to everyone.
People, productivity, and security are at the forefront of our mission as a Cloud Security Engineer. We actively collaborate with our teams and stakeholders to maintain and improve the security of our services. Our team achieves all this by working with teammates who are tenacious about engineering velocity and security, continually seek self-improvement, and are excited to experiment with new technologies and concepts.

In this role, you will:

  • Be responsible for the development, implementation, and management of the company’s cloud security framework. Leveraging a deep understanding of cloud architecture, security protocols, and compliance standards, this role ensures the integrity, confidentiality, and availability of data across our platform. Here are some examples of what you can look forward to working on:
  • Cloud security: Implement some of AWS's native security services such as GuardDuty, Inspector, and Macie, and take action on the findings/recommendations from those services. This includes mostly infrastructure-hardening work, such as closing ports, patching machines/containers, adding encryption, etc.
  • Security monitoring: Actively monitor our security posture. Establish a security monitoring and alerting process that surfaces potential threats to relevant members of the team.
  • Security Advocacy: Collaborate with cross-functional teams to advocate for security best practices, and ensure secure software development life cycle integration.
  • Dependency vulnerability management: Conduct regular security assessments, penetration tests, and vulnerability scanning. Provide actionable feedback and ensure mitigation of identified vulnerabilities.
  • Automation & Integration: Utilize DevSecOps tools and principles to automate security tasks and integrate security checks into CI/CD pipelines.
  • Application security: Evaluate our application security against the OWASP Top 10 to look for particular vulnerabilities or areas of focus. As we identify them, work with engineering teams to remedy issues. Integrate tooling such as Snyk or GitHub Advanced Security to do static analysis of our codebase and alert developers when potential changes would introduce security vulnerabilities.
  • Disaster Recovery + Incident Response Gamedays: Regular testing of our disaster recovery plan. This involves getting a group of responders together to run through a gameday exercise annually.
  • Regular penetration testing: Establish a process for doing internal penetration testing regularly, at least quarterly. Have an external firm conduct a penetration test at least once per year.
  • Security Incident Response: Lead security incident detection, investigation, and resolution. Collaborate with SREs for post-mortem and lessons learned.
  • Compliance: Work closely with our legal team and Security and Privacy Working Group to ensure cloud environments are compliant with relevant industry standards and regulations.
  • Security Tooling: Recommend, implement, and manage security tools to help in threat detection, vulnerability assessment, and continuous monitoring.
  • Documentation: Create and maintain robust documentation related to security policies, procedures, and best practices.

You will be successful if you have:

  • 4 years of experience with any combination of the following: security engineering, system and network security, authentication, and security protocols, or application security.
  • Experience with network segmentation, network access controls, network monitoring, etc.
  • Collaborated with engineers and stakeholders to implement secure solutions for infrastructure, applications, and services, including coordinating audits and remediations for compliance regulations
  • Cloud security experience, including Containerization/Docker/Kubernetes
  • Ability to design and develop solutions to address security needs when third-party offers aren't sufficient
  • Strong passion for Continuous Improvement and sharing knowledge through mentorship and acting like an owner

Why this role:

  • You Make a Difference. We don't expect you to just come in and only pick tickets out of a queue. You will be able to actively contribute to laying out team goals, projects, and roadmap
  • Work with Amazing People. You will work with others that value collaboration and seek to help each other grow and succeed. Team up with workmates that have the same passions as you and have fun while doing it
  • We Value Development. No matter what level you're at, there's always room for growth personally and within the company. We provide the means for you to accomplish both with mentoring and education/conference stipends
  • Join us at an exciting time. We've tripled our business in the last year and we aren't planning on slowing down any time soon

You will love working at Curology because:

  • Competitive salary and equity packages
  • Comprehensive benefits: medical, dental, and vision insurance for employees; flexible spending account; 401k; mental health & wellness programs
  • $75 WFH stipend (remote employees)
  • Home office setup stipend (remote employees)
  • Minimum Time Off policy (unlimited PTO, with at least 3 weeks off) for exempt employees
  • 11 company-observed holidays
  • Additional holidays: Curology days off (1 per quarter), 1 annual floating holiday (employee’s choice), and Gratitude Week (employees take the full week of Thanksgiving off; business critical teams observe different days)
  • Paid parental leave
  • Employee donation matching program
  • Company-sponsored events
  • Free subscription to Curology or Agency
  • The base salary for this position will be between $119,000 and $180,000 depending on your experience, skillset, and geographic location.
Curology encourages applications from people of all races, religions, national origins, genders, sexual orientations, gender identities, gender expressions and ages, as well as veterans and individuals with disabilities. Notice to Applicants under the CCPA.