Mondoo is creating a new way that helps companies keep their users and data safe from hackers around the world. We believe that a great user experience and visual design will help our users to love and enjoy our product and make it easier to take action against attackers.
Your impact
You will have a direct impact on the Mondoo Platform including our policy engine, resources, scale, and multi-region functionality. You will be helping teams to assess, scope, prioritize, triage and remediate security findings.
Key responsibilities
We're seeking a talented Platform Engineer who is eager to enhance their expertise in security. This position offers the opportunity to work with cutting-edge technologies and gain hands-on experience in "policy as code" frameworks while contributing to our dynamic team.
In this role, you will:
Build, manage, and optimize cloud infrastructure using Infrastructure as Code (IaC) tools like Terraform and CloudFormation.
Automate system configurations using tools like Ansible, Puppet, or Chef.
Collaborate with teams to ensure seamless integration of infrastructure with CI/CD pipelines.
Gain experience working with policy as code frameworks (e.g., Open Policy Agent, HashiCorp Sentinel).
Assist in translating high-level security requirements into practical policy as code implementation within cloud and on-premises environments.
Support the implementation and scaling of automated security controls in Kubernetes, cloud environments (AWS, Azure, GCP), and operating systems.x5
Stay updated on infrastructure management and automation trends, ensuring a robust and scalable system foundation
Required qualifications
Strong hands-on experience with IaC tools like Terraform or CloudFormation.
Proficiency in configuration management tools such as Ansible, Puppet, or Chef.
Solid understanding of at least one major cloud platform (AWS, Azure, or GCP) and its core services.
Experience working with container technologies like Docker and orchestration tools like Kubernetes.
Comfortable scripting in at least one language (e.g., Python, Bash, or similar).
Knowledge of networking basics (TCP/IP, DNS, etc.).
Experience with version control systems (e.g., Git).
Strong problem-solving and analytical skills.
Willingness to learn and grow into a role focused on security policies and automation.
Excellent communication skills with the ability to work effectively in a collaborative team environment.
Preferred qualifications
Familiarity with security tools and concepts such as policy as code frameworks (Open Policy Agent, Sentinel).
Knowledge of compliance standards (e.g., CIS, SOC 2, ISO 27001).
Previous exposure to cloud-native security tools and services.
Relevant certifications in cloud platforms (e.g., AWS, Azure, GCP).
A keen interest in learning about security best practices, frameworks, and tools.
Application Process
As part of your application, please share links to your GitHub/GitLab repositories or a portfolio of projects that demonstrate your experience with security policy implementation, policy as code, and relevant cloud security tools. We're particularly interested in seeing examples that showcase your ability to translate complex security requirements into executable code for cloud environments.
If you're passionate about enhancing cloud security through code, implementing scalable and automated security policies across cloud platforms, participating in collaborative security design processes, and staying at the forefront of cloud security best practices, we'd love to hear from you!