Staff Cloud Security Engineer jobs in United States

Aurora · 2 days ago

Staff Cloud Security Engineer

Aurora is a company focused on delivering the benefits of self-driving technology. They are seeking a Staff Cloud Security Engineer to design and implement security capabilities for their cloud infrastructure, primarily within AWS and Kubernetes.

Automotive, Autonomous Vehicles, Electric Vehicle, Transportation
Comp. & Benefits
H1B Sponsor Likely

Responsibilities

Lead the design and implementation of core security infrastructure services, including certificate management (PKI), secrets management, and centralized authentication/authorization services leveraging standards like OIDC and SAML
Deep AWS Security Specialization: Architect and manage security boundaries and access controls for the entire AWS environment, including but not limited to:
IAM Governance: Define and enforce least-privilege IAM roles and policies, establish strong IAM Access Boundaries using Service Control Policies (SCPs), and govern inter-service communication
Network Segmentation: Design and implement robust network security controls within VPCs, including Security Groups, Network ACLs, and private connectivity (VPC Endpoints, Transit Gateway)
Design and implement security best practices and tooling within AWS and EKS, including controls such as admission controllers, image scanning/signing, pod security standards, and runtime security enforcement
Develop and manage systems for continuous security control monitoring, reporting, and automated remediation (e.g., using AWS Config, GuardDuty, or custom tools)
Develop threat models independently, or jointly with system owners. Translate identified threats into tangible security requirements, ensuring controls are strategically deployed to strengthen the security posture of core platforms and services
Serve as a principal security consultant to product and platform engineering teams, conducting in-depth security design reviews for new systems and features, and proposing actionable security control implementations
Elevate Security Architecture: Design, implement, and maintain the next generation of security infrastructure, controls, and primitives natively within AWS and across our Kubernetes (EKS) platform
Define Security as Code: Drive the adoption of Infrastructure as Code (IaC) principles (e.g., Terraform) to codify, deploy, and continuously monitor security controls and policies in an auditable and scalable manner
Strategic Threat Modeling: Lead advanced threat modeling exercises for critical systems and architectures, translating risks into prioritized security requirements and verifiable controls
Architectural Guidance: Act as a security consultant for product and platform engineering teams, conducting in-depth security design reviews and providing pragmatic, hands-on recommendations for securing complex microservice architectures
Automate Remediation: Identify systemic security weaknesses and create robust, scalable automation (e.g., Python/Go-based tools, Lambda functions, EKS controllers) to eliminate classes of vulnerabilities at the source

Qualification

AWS Security, Kubernetes (EKS), Identity, Access Management, Infrastructure as Code, Security Automation, Network Security, Programming (Python/Go), DevSecOps, Compliance Frameworks, Soft Skills

Required

7+ years of progressive experience in software, platform, or security engineering, with a minimum of 3+ years focusing exclusively on public cloud security (AWS required)
Experience in identifying and managing security risk, and the ability to navigate the organizational friction to manage these risks
Expert-level, hands-on experience securing and operating complex environments in AWS, including expertise with IAM, VPC Networking, Security Hub, Config, GuardDuty, and KMS
Proven ability to design and implement security controls for Kubernetes (EKS), including strong knowledge of authorization models, admission controllers, and security best practices
Expertise in one or more Identity and Access Management (IAM) standards and technologies: PKI, OAuth2/OIDC, SAML, and commercial solutions like Okta
Strong proficiency in at least one modern programming/scripting language (e.g., Python or Go) for building security automation, tools, and remediation services
Experience writing, reviewing, and scaling infrastructure with Terraform

Preferred

Deep fundamental understanding of enterprise-level network security, operating system security (Linux), and application security principles
Experience implementing DevSecOps practices, including integration of security testing (SAST/DAST/SCA) into CI/CD pipelines (e.g., GitLab, Jenkins)
Familiarity with compliance frameworks (e.g., SOX, SOC 2, ISO 27001)

Benefits

Annual bonus
Equity compensation
Benefits

Company

Aurora is building self-driving technology to operate multiple vehicle types, from freight-hauling trucks to ride-hailing passenger ones.

H1B Sponsorship

Aurora has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Additional information is presented below for your reference. (Data Powered by US Department of Labor)
[Figure: Distribution of Different Job Fields Receiving Sponsorship]
Trends of Total Sponsorships
2025 (11)
2024 (51)
2023 (91)
2022 (77)
2021 (38)
2020 (51)

Funding

Current Stage
Public Company
Total Funding
$4.19B
Key Investors
Uber, Sequoia Capital
2024-08-01 · Post IPO Equity · $483M
2023-07-19 · Post IPO Equity · $820M
2021-11-04 · Post IPO Equity · $1.8B

Leadership Team

Chris Urmson
CEO and co-founder
Sterling Anderson
Co-Founder & CPO
Company data provided by Crunchbase