Home
Recruiter
Log In

Staff Cloud Security Engineer

Remote from
USA flag
USA
Salary, yearly, USD
225,000 - 275,000
Department
Software Engineering
Employment type
Full Time,
Job posted
Apply before
2 Jul 2026
Experience level
Senior
Views / Applies
20 / 5
About company Share

About Temporal Technologies

Changing how modern software is built by guaranteeing the execution of complex, long-running workflows, even in the presence of system failures.

Actively Hiring
Verified job posting
This job post has been manually reviewed for authenticity and compliance.

AI Summary

Temporal is seeking a Staff Cloud Security Engineer to secure its cloud environment across AWS, GCP, and Azure. The role involves integrating security into infrastructure design, conducting threat modeling, and managing cloud security posture. Candidates need 5+ years of experience, expertise in Kubernetes security, multi-tenant architecture, and proficiency in Go. The position offers the opportunity to shape AI usage in security processes and work with a dynamic team on a mission to improve developer experience.

Role DNA

Job Complexity
Easy Hard
Pace & Pressure
Relaxed Fast-paced
Autonomy Level
Guided Full Ownership
Communication Load
Independent Highly Collaborative
AI Insight The role requires deep expertise in cloud security, multi-cloud environments, and collaboration with engineering teams, making it challenging but not entry-level.

Salary Analysis

Median Highly Competitive
USD250,000
US Market
USD150k – USD300k
0 USD330k
AI Insight The offered salary range of $225,000-$275,000 is competitive for a Staff Cloud Security Engineer role, aligning with the upper end of the US market median.

Key Skills

Cloud Security Kubernetes AWS GCP Azure Go gRPC mTLS Threat Modeling Service Mesh

I am writing to express my strong interest in the Staff Cloud Security Engineer position at Temporal. With over 5 years of experience in cloud security and a deep expertise in multi-cloud environments, Kubernetes security, and threat modeling, I am excited about the opportunity to contribute to securing Temporal's innovative platform.

My background includes designing secure architectures for AWS, GCP, and Azure, implementing mTLS and service mesh configurations, and managing cloud security posture with tools like Wiz. I have a proven track record of collaborating with engineering teams to integrate security into the development lifecycle, ensuring robust protection for complex distributed systems.

I am particularly drawn to Temporal's mission to simplify code and make applications more reliable. The chance to work on securing a durable, stateful workflow engine and to shape responsible AI use in security processes aligns perfectly with my professional goals.

I am eager to bring my technical skills and collaborative mindset to the Temporal team. Thank you for considering my application; I look forward to the possibility of discussing how I can contribute to your mission.

How would you approach securing a multi-tenant Kubernetes cluster in a cloud environment?
I would implement RBAC with least privilege, use network policies for isolation, enable audit logging, and leverage admission controllers like OPA/Gatekeeper. Additionally, I'd use tools like Wiz for continuous misconfiguration detection and ensure secrets are managed via HashiCorp Vault or cloud-native solutions.
Describe your experience with threat modeling for distributed systems. Can you give an example?
I have used STRIDE and PASTA methodologies to model threats for a workflow engine. For instance, I identified attack surfaces in task queue integrity and client-server trust boundaries, leading to implementation of mTLS and payload encryption to protect sensitive data.
How do you stay current with emerging cloud security standards and apply them?
I follow CSA Cloud Controls Matrix and CIS Benchmarks, attend security conferences, and participate in industry groups. I translate these into internal policies by conducting gap analyses and updating security configurations, such as enforcing encryption at rest and in transit.
Can you explain how you would secure gRPC communication in a microservices architecture?
I would enforce mTLS for mutual authentication, use service mesh (e.g., Istio) for traffic encryption and authorization, implement rate limiting, and validate requests with API authentication. Additionally, I'd use short-lived certificates and rotate them regularly.
What is your approach to integrating security into the development lifecycle?
I advocate for shifting left by embedding security in design reviews, conducting threat modeling early, and providing security training. I also integrate SAST/DAST tools into CI/CD pipelines and establish clear security requirements for each sprint.

About Us

Temporal is an open source programming model that can simplify code, make applications more reliable, and help developers focus on the important things like delivering features faster. We are on a mission to be the reliable foundation of every developer’s toolbox, and are building the team that will make that happen.
 
Our values guide us —they are present in how we show up, make decisions, and work together to make an impact. We’re curious, driven, collaborative, genuine and humble.
 
Temporal is growing and we are looking for those who share our values, challenge ‘standard’ thinking, and want to influence our future. If you have a passion for improving the developer experience, building world-class open-source software and communities, and want to be a part of our amazing team, we’d love to hear from you!

Summary

Join our dynamic team as a Staff Cloud Security Engineer, where you’ll play a pivotal role in securing the Temporal cloud environment for our customers. In this position, you’ll work closely with our infrastructure teams, software engineering teams, and customers to build security deeply into our platform across multiple clouds. You’ll also help shape how we use AI responsibly in both our infrastructure and our engineering processes. We’re looking for individuals who are passionate about enabling engineering teams to build and ship securely, serving as trusted security partners across the organization.

What You’ll Do

  • Collaborate with product and engineering teams to integrate security principles into the design and architecture of cloud infrastructure across multiple clouds (AWS, GCP, Azure, and others).
  • Secure Temporal’s core platform components, including the workflow engine, task queue architecture, and worker execution model – identifying attack surfaces unique to durable, stateful distributed systems.
  • Conduct threat modeling and risk assessments to identify vulnerabilities and potential attack vectors across our multi-cloud environment, with particular focus on workflow execution, task queue integrity, and client-server trust boundaries.
  • Secure Temporal’s gRPC-based communication layer, including mTLS certificate management, service mesh configuration, and API authentication.
  • Manage cloud security posture using tools such as Wiz, including misconfiguration detection, compliance monitoring, and remediation across all three cloud providers.
  • Stay current on emerging cloud security standards and guidance (e.g. CSA Cloud Controls Matrix, CIS Benchmarks) and translate these into actionable internal policy.
  • Able to participate in on-call rotation.

What You’ll Bring

  • Bachelor’s degree in Computer Science, Cybersecurity, or a related field (or equivalent experience).
  • 5+ years in cloud security or a related role.
  • Proven partnership with engineering teams, bringing security expertise to infrastructure access and security posture.
  • Kubernetes security posture management and auditing, including workload hardening, RBAC design, and admission control.
  • Demonstrated experience with multi-tenant security architecture, including data plane isolation, control plane hardening, and cross-tenant data leakage prevention.
  • Strong opinions on the use of AI in different areas (assessments, threat models, penetration testing, etc).
  • A deep understanding of application architecture and design principles, ability to effectively identify vulnerabilities across multiple programming languages
  • Experience with secrets management at scale (e.g. HashiCorp Vault, AWS Secrets Manager) and payload encryption patterns such as codec servers for protecting sensitive workflow data.
  • Proficiency in Go; familiarity with Python. Go is Temporal’s primary server and SDK language.
  • Strong command of gRPC security, mTLS, and service mesh architectures (Istio, Envoy).
  • Excellent communication and ability to explain complex security concepts to non-technical stakeholders.
  • Excellent collaboration and communication skills.

Nice to Have

  • Prior experience with Temporal, Cadence, or similar workflow orchestration platforms and an understanding of workflow history, replay semantics, and scheduling internals.
  • FedRAMP, SOC 2 Type II, or ISO 27001 experience, particularly in the context of cloud-native SaaS.
  • Open Source automation or automation projects.
  • Expertise in other areas of security (AppSec, CorpSec, GRC)
  • Security conference talks or published research.
Compensation
  • The estimated pay range for this role is $225,000 – $275,000, depending on qualifications and location.
  • This role is eligible to participate in Temporal’s equity plan.
Compensation ranges reflect salary and commission compensation (when applicable) across several geographic markets. Employment offers carefully consider multiple factors, including prior experience, knowledge, expertise, skillset, market location, and job level assessed during the interview process.
 
Employee benefits and perks below are for full-time employees, part-time or temporary positions are excluded. 
 
U.S. Benefits 
  • Unlimited PTO, 12 Holidays + 2 Floating Holidays
  • 100% Premiums Coverage for Medical, Dental, and Vision
  • AD&D, LT & ST Disability, and Life Insurance (Standard & Supplemental Available)
  • Empower 401K Plan
  • Additional Perks for Learning & Development, Lifestyle Spending, In-Home Office Setup, Professional Memberships, WFH Meals, Internet Stipend and more!
International Benefits

Paid Time Off (PTO) and Benefits outside the United States vary by country, and are issued in partnership with Remote.com. Additionally, Temporal offers perks to all international employees for learning & career development, a lifestyle spending account, in-home office setup (in addition to company-issued hardware), professional memberships, work-from-home meals, and access to the Calm app for mental wellness.

Travel

Temporal is a globally distributed, collaborative team that values opportunities for in-person connection. Occasional travel may be required for company events, team offsites, and other meaningful moments that bring us together.

Additional Perks 
  • $3,600 / Year Work from Home Meals 
  • $1,800 / Year Professional Enrichment (Career Development & Professional Memberships)
  • $1,200 / Year Lifestyle Spending Account
  • $1,000 / Year In-Home Office Setup (In addition to Temporal issued equipment – laptop, monitor, keyboard, mouse, trackpad, and extension power cable at no cost to you)
  • $74 / Month Reimbursement for Internet
  • Calm App Subscription for Mental Health & Wellness
Temporal Technologies is an Equal Opportunity Employer. Temporal Technologies does not discriminate on the basis of race, religion, color, sex, gender identity, sexual orientation, age, non-disqualifying physical or mental disability, national origin, veteran status, or any other basis covered by appropriate law. All employment is decided on the basis of qualifications, merit, and business need. We embrace and celebrate differences and diversity.
 
Temporal is committed to providing access, equal opportunity, and reasonable accommodation for individuals with disabilities in employment, its services, programs, and activities. If you need to request a reasonable accommodation, please let your Recruiter know so we can assist.
 
We are not working with external recruitment agencies, thanks.

Apply now >

This job listing has been manually reviewed by the Jobicy Trust & Safety Team for compliance with our posting guidelines, including verification of the company's legitimacy, accuracy of job details, clarity of remote work policy, and absence of misleading or fraudulent content.

How to apply

Did you apply? Let us know, and we’ll help you track your application.

For safety tips, see our guides, and please let us know if you need any assistance.

Log in to save
You're almost done!

Create a free account with us to save a history of all jobs you've shown interest in.

You can also continue as a guest if you prefer.

Share

See a few more

Similar Software Engineering remote jobs

More Jobs

Job Search Safety Tips

Here are some tips to help you search and apply for jobs safely:
Watch out for suspicious jobs Don't apply for jobs that offer high pay for little work or offer to hire you without an interview. Read more ›
Check the employer's profile Make sure you're applying for a trustworthy job by visiting the employer's profile and learning more about them. Read more ›
Protect your information Don't share personal details like your bank account or government-issued ID on suspicious websites or messengers. Read more ›
Report jobs that feel unsafe If you see a job that seems misleading, inappropriate or discriminatory, report it for going against our policies and we'll review it.

Share this job

Jobicy+ Subscription

Jobicy

614 professionals pay to access exclusive and experimental features on Jobicy

Free

USD $0/month

For people just getting started

  • • Unlimited applies and searches
  • • Access on web and mobile apps
  • • Weekly job alerts
  • • Access to additional tools like Bookmarks, Applications, and more

Plus

USD $8/month

Everything in Free, and:

  • • Ad-free experience
  • • Daily job alerts
  • • Personal career consultant
  • • AI-powered job advice
Go to account ›