
Senior Staff Network Engineer - Network Security

Colorwave Inc
  • US
    United States

About

Senior Staff Security Engineer

We're looking for a Senior Staff Security Engineer to lead Gusto's edge and network security strategy, owning the design and operation of our Cloudflare WAF, DDoS protection, Zero Trust, and broader perimeter controls. The ideal candidate brings deep, hands-on Cloudflare expertise and a proven track record of hardening edge and network architectures at scale, including tuning WAF rulesets, defending through live DDoS events, and shipping Zero Trust rollouts engineers actually adopt. You think in terms of layered defense, measurable risk reduction, and automation over manual toil. In this role, you'll serve as a force multiplier across the security org, partnering with infrastructure and product teams to make high-impact architectural decisions that compound over time.

Gusto's Enterprise Security Engineering team is a small but high-leverage group responsible for cloud security posture, edge and network defense, container security, secrets management, and endpoint protection across the company. The team runs a modern stack including Cloudflare, Wiz, CrowdStrike, Panther, and Tines, scaling impact through automation, IaC, and AI-augmented tooling. The work carries real stakes, protecting the payroll, benefits, and HR systems that hundreds of thousands of small businesses and their employees rely on every day. The team is engineering-first, with most of the roadmap living in code and a strong emphasis on partnering with infrastructure and product teams rather than gatekeeping them.

Here's what you'll do day-to-day:

  • Design and operate Gusto's edge security stack including Cloudflare WAF, DDoS protection, Bot Management, WARP, Gateway, and Access, tuning rules against real traffic and shaping how engineers and operations teams reach internal systems securely.
  • Own the network security perimeter across AWS and the edge: VPC design, Network Firewall, Shield, CloudFront, NACLs, and egress filtering, all codified in Terraform and Crossplane, observable, and consistently enforced.
  • Develop policy-as-code patterns for WAF rules, network policies, and edge configuration so changes ship through pull requests with review, testing, and clean rollback paths.
  • Build detections and alerting on edge and network telemetry including Cloudflare logs, VPC Flow Logs, and CloudTrail flowing into Panther, and lead incident response for perimeter and network events.
  • Contribute broadly across the security engineering surface including cloud posture, container security, IAM, vulnerability management, and on-call, bringing a strong generalist instinct to wherever the work is most critical.
  • Operate as an AI-native engineer, using Claude Code, MCP-driven tooling, and agentic workflows as a daily force multiplier across investigation, automation, and detection engineering.
  • Prototype and ship agents, custom MCP servers, and LLM-assisted automations that compress security work from days to minutes and raise the bar for what one engineer can own.

Our cash compensation amount for this role is targeted at $210,000/yr to $230,000/yr in Denver & most remote locations, and $230,000/yr to $270,000/yr for San Francisco, New York & Seattle. Stock equity is additional. Final offer amounts are determined by multiple factors including candidate experience and expertise and may vary from the amounts listed above.

Language skills

  • English
Note for users

This job posting comes from a partner platform of TieTalent. Click "Apply now" to submit your application directly on their website.