Software Engineer, Security

Overview

Join the company Cloud Object Store (ACOS) team as a Software Engineer with a focus on security. The ACOS team, which is part of the company Services Engineering organisation, is one of the most critical infrastructure teams at the company, storing and serving petabytes of data across the company’s services. The ASE organization builds and operates the cloud infrastructure underpinning the company’s services, bringing together compute, storage, networking, and security into a unified the company Cloud platform. In this role you’ll work at the intersection of distributed systems engineering and security – building the authentication, authorisation, and encryption foundations that protect data at exabyte scale.

The security challenges in a large‑scale cloud object store are deep and varied. You will work on problems such as designing and evolving authentication systems to meet modern security standards; implementing and improving encryption‑at‑rest schemes with robust key lifecycle management at scale; building IAM policy enforcement at high throughput; driving compliance for a multi‑region storage platform; and conducting threat modeling for a system handling hundreds of thousands of requests per second. You’ll also contribute to broader storage engineering work – durability, availability, multi‑tenancy, and performance – making this a well‑rounded SWE role with a security‑first mindset.

Responsibilities

• Own and contribute to security infrastructure projects across authentication, authorisation, and encryption – building platforms that the rest of the storage org consumes.
• Implement and evolve authentication systems to meet modern security standards: improving credential security, integrating with other company services, and ensuring consistent auth across storage products.
• Build and maintain encryption‑at‑rest infrastructure: key lifecycle management, encryption standard upgrades, and ensuring cryptographic coverage at scale.
• Participate in threat modeling for new and existing features; embed security reviews into the design and launch process.
• Identify, scope, and lead projects that span security, reliability, isolation, scalability, and maintainability – this is a broad SWE role, not a pure security role.
• Work across teams to identify improvement areas, build consensus, and participate in roadmap and security planning discussions.
• Collaborate with the company’s Security and Privacy orgs, serving as the storage org’s point of contact for security matters.

Preferred Qualifications

• Experience with IAM systems, STS/short‑lived credentials, or policy‑based access control.
• Hands‑on experience with encryption infrastructure: key rotation, envelope encryption, or integrating with secret managers (e.g., HashiCorp Vault, AWS KMS, or equivalent).
• Familiarity with compliance frameworks such as PCI‑DSS or SOX in a cloud infrastructure context.
• Experience with threat modelling methodologies or conducting security design reviews.

Minimum Qualifications

• Solid backend software engineering experience with strong computer science fundamentals: networking, distributed systems, and security concepts.
• Good understanding of authentication and authorisation: familiarity with protocols such as SigV4, OAuth2, mTLS, or IAM‑style policy systems.
• Understanding of cryptographic fundamentals: symmetric encryption, key hierarchies, certificate management, or secret management systems.
• Experience driving complex projects end‑to‑end and collaborating across teams.