Senior Cloud Security Engineer

About Birdeye
Birdeye is the leading agentic marketing platform for multi-location brands.

Companies like H&R Block, Aspen Dental, and Caesars Entertainment use Birdeye to manage marketing across thousands of locations — from how they get found, to how they convert, to how they retain customers. Our platform replaces disconnected point tools with AI agents that execute work at the location level — responding to reviews, updating listings, publishing content, and driving conversions.

Backed by Marc Benioff, Jerry Yang, and Accel-KKR, Birdeye was named to G2’s 2026 Best Agentic AI Products list — appearing alongside the world’s leading AI companies. We’re expanding rapidly into enterprise, with growing adoption across large, multi-location brands.

About the Role

BirdEye runs on AWS (EKS, EC2, RDS, ECR) and GCP (GKE, GCR). A CNAPP platform (Wiz / Orca — evaluation in progress) is being onboarded as the cloud security posture management solution. This role is cloud engineer and platform engineer first, security engineer second. You will own the cloud security posture across both clouds — not as an advisor, but as the person who writes the Terraform, hardens the AMIs, locks down the IAM, and drives findings to zero.

What You Will Own

• Own the CNAPP platform (Wiz / Orca — under evaluation) end-to-end — onboarding, configuration, findings triage, remediation tracking, weekly posture report to CISO. Drive toward 0 critical findings.
• Deep AWS security posture ownership: CloudTrail, IAM (roles, policies, SCPs, RCPs, permission boundaries), WAF, AWS Organizations, Security Hub, GuardDuty, Config, network segmentation, security groups
• GCP security posture: GKE, GCR, Cloud Audit Logs, IAM — consistent control framework mirroring AWS standards
• Cloud logging and SIEM partnership: own AWS and GCP log architecture — CloudTrail, GuardDuty, VPC Flow Logs, WAF logs, GCP Cloud Audit Logs. Ensure comprehensive log collection, retention, and forwarding into central SIEM. Partner with SecOps on detection rule development, log correlation, and cloud-layer alert triage.
• OS-level security: AMI hardening, CIS benchmarks, golden image pipeline, patch management for base images
• Deep Kubernetes security: EKS/GKE hardening, RBAC, network policies, admission controllers, image scanning, runtime security, pod security standards
• Infrastructure as Code: write and maintain Terraform modules with security-first defaults. Eliminate manual stateful IAM users, move to ephemeral roles as standard.
• Python scripting for security automation — custom tooling, remediation scripts, posture reporting
• Cloud-native incident response DRI — contain, investigate, recover, write post-incident review
• Own cloud security control evidence for SOC 2 Type II and ISO 27001 audits
• Partner with DevOps/Infra team (Jenkins, ArgoCD, Terraform) on security integration in the deployment pipeline

Must Have

• 5+ years hands-on cloud engineering with a security focus — you are a cloud/platform engineer first who deeply understands security, not a security consultant who has read about cloud
• Deep AWS fundamentals: CloudTrail, IAM (roles, policies, SCPs, RCPs, permission boundaries, credential management), WAF, AWS Organizations, Security Hub, GuardDuty
• AWS and GCP logging expertise: CloudTrail, GuardDuty, VPC Flow Logs, WAF logs, GCP Cloud Audit Logs — you must be able to architect log collection, configure retention, and feed logs into a SIEM for correlation and alerting
• Deep Kubernetes knowledge — EKS/GKE operations, RBAC, network policies, admission controllers, pod security
• Infrastructure as Code proficiency — Terraform required, with security-in-IaC mindset
• OS-level knowledge — Linux administration, AMI hardening, CIS benchmarks, patch management
• CNAPP/CSPM experience: Wiz, Orca, Sentinel, Prisma Cloud, or equivalent
• Python scripting ability for automation and custom security tooling
• Cloud incident response experience — you have led a cloud security incident, not just observed one

Nice to Have

• GCP security experience alongside AWS (dual-cloud is a reality here)
• SIEM integration experience — building cloud log pipelines, writing detection rules from cloud log sources
• AWS Security Specialty certification or CKS (Certified Kubernetes Security Specialist)
• Experience with eBPF-based runtime security (Falco, Cilium, Tetragon)
• Container image supply chain security — Sigstore, Cosign, Notary

AI as a Force Multiplier

Every member of the security team is expected to leverage AI tools and capabilities to increase speed, productivity, and coverage. This is not optional — it is how a four-person team operates at the scale of a much larger organisation.

• Use AI-assisted tooling for code review, vulnerability triage, alert correlation, evidence generation, policy drafting, and threat analysis
• Evaluate and adopt AI-native security tools where they outperform traditional approaches
• Automate repetitive workflows using AI/ML — the goal is to spend human attention on judgment, not toil
• Stay current on AI developments in your pillar — and bring recommendations to the team

Why You’ll Join Us
At Birdeye, we are relentless innovators driven by a singular goal: to lead our category with unparalleled excellence. We don't just set goals – we surpass them. We're a team of doers who roll up our sleeves and get the job done, delivering on our promises with unwavering dedication.

Working here means embracing a culture of action and accountability, where every person is empowered to make an impact. We don't just talk about making a difference – we make it happen.