We are an Open Source seed-stage startup revolutionizing cloud security infrastructure. Our mission is to build cutting-edge, practitioner-friendly solutions that empower developers to secure their cloud environments effortlessly. We are looking for an experienced dynamic individual who thrives at the intersection of security research, software engineering, and community to join our team as a Cloud Security Engineer - Team Lead

Prowler is a company that values our people as much as it values cybersecurity, demonstrated by mandatory PTO and a fully remote team. Day to day, Prowlerians collaborate, architect, and deploy security checks and remediations across cloud deployments at scale, empowering users to discover the edges of their systems and find gaps in their security posture. We celebrate diversity and are committed to creating an inclusive and welcoming work environment for all employees.

‍

Check out our website here: https://prowler.com

Prowler on Github: https://github.com/prowler-cloud/prowler

‍

Primary Responsibilities

• Innovate with the Customer in Mind: Partner with product owners, stakeholders, and engineers to understand customer needs, translating complex technical risks into actionable, scalable solutions that solidify Prowler's position at the forefront of the industry and drive our mission to become the standard for cloud protection.
• Team Leadership & Execution: Lead, mentor, and grow a team of cloud security engineers and researchers, owning the end-to-end planning, execution, and delivery of cutting-edge research and team projects.
• Pioneer Cloud Threat Research: Conduct comprehensive architectural reviews of major cloud ecosystems (AWS, GCP, Azure, OCI), their telemetry data, and Kubernetes to uncover hidden threat vectors, evasion techniques, and structural vulnerabilities. Naturally adopt an adversarial mindset, constantly evaluating new cloud deployments to identify architectural flaws, blind spots, and potential abuse vectors.
• Develop Scalable Security Controls: Pioneer new methodologies for threat identification, engineering advanced security rules and automated safeguards from the ground up. Transform experimental security research into robust, enterprise-grade detection features integrated into the Prowler product.
• Advanced Threat Modeling: Conduct deep-dive analysis and advanced threat modeling on complex cloud architectures and emerging AI/LLM infrastructures to preemptively identify and mitigate risks.
• Drive the Security Roadmap: Contribute to strategic architecture decisions, collaborating closely with world-class engineering and research teams to define and execute the security product roadmap.
• Champion Engineering Excellence: Drive high-quality code standards by leading code reviews, automated testing, and CI/CD workflows. Provide constructive feedback and mentor fellow engineers on best practices.
• Elevate Industry Standards: Continuously update knowledge and push the continuous improvement of internal practices, introducing the latest industry standards and emerging trends to keep the team at the forefront of cloud security.
• Community & Thought Leadership: Actively engage with and support the Prowler community, implement customer-driven requests, represent the team externally, and guide others in the open-source cloud security ecosystem.

‍

Qualifications / Skills / Experience

‍

We evaluate the following in candidates for this role:

• Cloud Security Expertise: 6+ years of extensive experience in Cybersecurity, with at least 3 years explicitly focused on Cloud Security ecosystems (CSPM, CWPP, CNAPP).
• Technical Leadership: Proven experience (2-3+ years) leading engineering or research teams, driving collaborative development workflows, conducting rigorous code reviews, and managing agile security projects.
• Cloud Architecture & IAM Mastery: Expert, deep-dive understanding of CSP APIs, internal services, and complex permission models (IAM) across at least one major cloud provider (AWS, GCP, Azure), alongside strong networking fundamentals (including cross-network routing, micro-segmentation, and advanced network topologies).
• Attacker/Defender Mindset: A proven ability to evaluate any cloud architecture with an adversarial mindset, identifying structural flaws and potential abuse vectors before they are weaponized, backed by a solid foundation in cloud attack methodologies, vulnerability research, and penetration testing.
• Coding Excellence: Advanced proficiency in Python, with a strong ability to write clean, efficient, scalable code. You are a strong advocate for maintaining high standards of detection quality and thorough documentation.
• Cloud-Native & Infrastructure: Hands-on experience with containers and orchestration tools (Docker, Kubernetes), and a deep understanding of operating system architectures
• Automation & CI/CD: Practical experience with Git, collaborative workflows, Infrastructure as Code (leveraging the HashiCorp ecosystem or native cloud templates), and deployment automation within CI/CD pipelines.
• Communication Skills: Adept at translating intricate security threats into actionable business insights for leadership, while providing deep, actionable context for our engineering squads.
• Startup DNA: Driven by a strong sense of ownership, you excel in self-directed remote work while remaining deeply engaged and highly communicative within our distributed engineering culture. Working fluency in English is required.

‍

Good to have

‍

• AI & LLM Security Vanguard: Pioneering knowledge of emerging threat landscapes, attack vectors, and security best practices within Artificial Intelligence infrastructures, LLM security, and MLOps environments.
• Open-Source Champion: A strong background with active, hands-on contributions to open-source security projects and a visible presence in the collaborative security ecosystem.
• Industry Thought Leadership: A proven track record of sharing research and knowledge. This includes speaking engagements at top-tier conferences (e.g., DEF CON, Black Hat, fwd:cloudsec, BSides) or impactful research publications, CVE discoveries, and technical blog posts.
• Advanced Certifications: Holding industry-recognized certifications that validate your deep technical expertise, such as AWS Certified Security - Specialty, GCP Professional Cloud Security Engineer, OSCP, OSWE, or equivalent.

How will you know you are successful in this role?

‍

• Team Trust & Leadership: Your peers view you as a go-to cloud security authority and an empowering, supportive leader. Positive peer feedback—our most valued metric for performance—reflects your collaborative nature and mentorship.
• High-Velocity Impact & Quality: Your manager and stakeholders agree that your security research and feature velocity move at a highly competitive pace, with detection quality that rivals or exceeds top-tier industry standards.
• Strategic Alignment: You possess a crystal-clear understanding of how your daily work drives the company's broader vision. If asked, you can confidently demonstrate that you are consistently focused on the highest-priority, highest-impact initiatives.
• Market-Defining Contributions: Your research, code, and technical decisions directly and incontrovertibly propel Prowler's success, cementing its position as a standout, market-leading security product in a fiercely competitive landscape.

Why join Prowler

‍

• Opportunity to work with a rapidly growing and innovative company in the cloud security industry.
• Fully remote work, allowing for a flexible and collaborative environment.
• Competitive compensation package.
• Continuous learning and professional development opportunities.
• Be part of a dynamic team that values creativity and innovation.

‍

Work Hours & Benefits

‍

This is a full time, salaried position writing, testing, reviewing, and operating code at scale. Prowler is fully remote and distributed, spanning all U.S. time zones and several in E.U. This necessitates individuals taking responsibility for their working hours and broadcasting availability to colleagues. Mandatory minimum PTO (shoot for ~5 weeks; anything less than 4 weeks/year is unacceptable), workstation/home office stipend per year, flexible working hours, and stock options are some of our other benefits.

‍

Hiring Process

‍

• Intro & Technical Screen (30 minutes): We want to get to know the person behind the profile. You'll jump on a quick call with one of our founders or tech leads to discuss your background, your proudest achievements, and the complex security or engineering challenges you’ve tackled so far.
• Culture & Alignment Interview (1 hour): We thrive on a generative, diversity-first culture that champions context over control. This conversation is a two-way street to ensure you resonate with the high degree of autonomy, freedom, and ownership we expect, and to confirm that our environment is the right place for you to grow and succeed.
• Technical Team Dynamic (1 hour 30 minutes): No take-home assignments here—we want to see how we build together. You will join a live, collaborative session with your future teammates to tackle a real-world cloud security scenario. Rather than answering trick questions in isolation, this interactive exercise focuses on your technical reasoning, solution architecture, and how effectively you communicate and problem-solve within a team setting.

‍