We’re representing a high-growth cloud platform with customers in fintech and logistics. Engineering ships weekly, compliance is catching up, and leadership wants a pragmatic security partner who can harden cloud and SDLC without slowing delivery. They’re hiring a Senior Information Security Analyst to be the hands-on anchor for AppSec, cloud posture, and incident readiness.
The role at a glance
Own day-to-day cloud/AppSec controls—design the guardrails, tune detections, and lead incident response so the platform stays safe as scale and audits ramp.
What you’ll do
Set cloud security baselines (AWS/Azure): IAM, network controls, secrets/KMS, container/K8s posture.
Build AppSec in the SDLC: threat models, SAST/DAST choices, dependency risk, developer enablement.
Create/tune detections (SIEM/XDR); write IR playbooks and lead tabletops and incident command.
Harden CI/CD (artifact signing, SBOM, provenance) and roll out zero-trust patterns.
Drive SOC 2/ISO 27001 evidence with automation; publish risk memos and KPI dashboards.
What you’ll bring
5–8+ years across security engineering/analysis with real cloud + AppSec depth.
IaC/Terraform fluency; solid K8s/container experience; strong detection engineering.
Calm, structured incident leadership; clear comms with engineering + execs.
Relevant certs welcome (GCSA/GCIA/GCPN/CISSP) but practical skill matters most.
Package (guide)
$150k–$210k base + bonus; benefits; hybrid TX; relocation considered. (Austin or Dallas)