Cloud Security Engineer

Western EU

Full time

Remote

R&D, Security

Kiln is hiring a Cloud & Infrastructure Security Engineer to harden our cloud, Kubernetes, and bare-metal environments. You’ll lead efforts to build automated detection and remediation workflows, augment visibility of all infrastructure assets, and collaborate closely with our infrastructure and software teams. This is a hands-on technical role with ownership over core security tooling and processes across a fast-scaling, high-availability infrastructure landscape.

• Cloud & Infrastructure Security:

• Define and enforce security guardrails across AWS, GCP, and bare-metal infrastructure.

• Implement and maintain least privilege access controls across IAM roles, service accounts, and API keys.

• Implement and monitor secure networking patterns using a Zero Trust approach (e.g. Tailscale).

• Proactively surface insecure changes to IaC pull requests through pre-commit hooks and GitHub Actions.

• CNAPP & Exposure Management:

• Own the configuration and deployment of our CNAPP platform across all environments.

• Build and maintain dashboards to monitor asset posture, misconfigurations, and critical risk combinations.

• Collaborate closely with the infrastructure team to triage and remediate CNAPP findings.

• Proactively publish periodic risk reviews with actionable insights and recurring issue tracking.

• Detection & Observability:

• Maintain and tune SIEM/SOAR pipelines to detect infrastructure-level threats.

• Write and optimize detection rules for privilege escalations, unusual API usage, and network anomalies.

• Secure Access & Identity Architecture:

• Partner with IT and security operations teams to design JIT access flows and secure service-to-service authentication mechanisms (OIDC, IAM roles).

• Continuously audit and enhance integrations across Okta, cloud platforms, and internal applications with a focus on least privilege.

• Infrastructure Collaboration:

• Enable engineering teams to build securely by contributing to reusable, hardened IaC modules and baselines.

• Define security benchmarks for KMS, compute workloads, and container deployments leveraging secure base images.

• Participate in design reviews for new infrastructure and services to embed security early.

• Application Security Collaboration:

• Support software teams by surfacing and tracking findings related to SBOM generation and monitoring, vulnerable dependencies, and OCI base image risks.

• Collaborate with developers to remediate issues surfaced through our security tooling and help optimize it.

• Security Automation:

• Build tools and workflows to auto-remediate misconfigurations and push security alerts to engineering teams.

• Develop internal bots and pipelines to enforce best practices at scale and simplify remediation.

• Compliance & Governance:

• Actively participate in defining and documenting technical controls to meet compliance frameworks (SOC 2, ISO 27001, NIST).

• Propose and implement dashboards and automation to monitor the compliance status of the stack.

• Partner with auditors and stakeholders to provide evidence and demonstrate ongoing control effectiveness.

• Experience:

• 5+ years of experience in cloud infrastructure or security engineering, preferably within high-growth, cloud-native environments.

• Strong background in securing AWS, GCP and bare-metal environments, including IAM, networking, and IaC deployments.

• Strong background in managing Kubernetes clusters.

• Skills:

• Proficient in Terraform, CI/CD tooling (GitHub Actions), GitHub Enterprise, and cloud infrastructure observability.

• Deep understanding of infrastructure security concepts: least privilege, Zero Trust, secrets management, and runtime hardening.

• Ownership experience with security platforms including CNAPP, SIEM/SOAR stacks, and identity systems.

• Comfortable collaborating across infra, platform, and security teams to drive security adoption.

• Proficiency in scripting or development (Python, Go, or Bash) for workflow automation.

• Nice to Have:

• French speaking

• Familiarity with blockchain or validator infrastructure.

• Hands-on experience managing Wiz CNAPP

• Hands-on exposure to compliance frameworks and audit preparation (SOC 2, ISO 27001, or NIST)

• Experience with threat detection, incident response, or threat hunting.

• Interest in Web3, blockchain, cryptocurrency and smart contracts - check our Tech Blog: https://www.kiln.fi/blog and Open-Source Contribution: https://www.kiln.fi/open-source

Kiln is the leading enterprise-grade rewards platform that enables institutional customers to stake assets and integrate staking & DeFi functionality into their offerings. Our API-first platform provides fully automated validators, staking & DeFi protocols access, and comprehensive data and commission management.

With $15+ billion in crypto assets staked through our platform, Kiln has established a strong presence on Ethereum, managing over 5.4% of the network through 50,000+ validators — all with zero slashing events.

Kiln serves more than 140 leading customers, including Binance, BitPanda, Bitgo, Fireblocks, VanEck, and TrustWallet.

Our team of 100 ecosystem enthusiasts brings experience from industry leaders like Google, Circle, Ledger, Chainalysis, and other prominent technology and cryptocurrency companies.

We\'ve raised $30M in total funding from prominent investors including 1kx, Crypto.com, Illuminate Financial, Consensys, Wintermute, Kraken Ventures...

Join Kiln and help us make the web more secure, stable, decentralized, and fair!

At Kiln, our values drive us: Technical Excellence ensures top security and usability; Innovation-Driven Meritocracy elevates groundbreaking ideas; Trust and Transparency build reliability through open communication; and People First keeps our team and clients at the heart of everything we do.

• A fast-paced, bureaucracy-free work environment
• Equity share options in the business: if Kiln succeeds, we all succeed!
• Competitive salary
• Flexible holiday
• Flexible remote working
• Choose your IT equipment
• Internet connection: €50/month
• Significant personal development budget (books, training)
• Overseas tech conferences budget

Kiln is an Equal Opportunity Employer

We are committed to fostering an inclusive and diverse workplace where everyone is valued and respected. We welcome applications from all backgrounds, including women or persons with disabilities.

Our thorough process ensures the best fit for both you and Kiln, and we strive to make each step valuable and efficient.

1. Recruiter Interview (45 min)
2. Take-home test (< 3 hours)
3. Technical Interview (60 min)
4. Core Values Interview (45 min)
5. Founders Interview (30 min)
6. Offer!

Please note that we do not sponsor visas for persons without work authorization in your location. This role is for full-time employees only (no B2B or contractors). Thank you!