What you'd actually do

Architectural Leadership: Partner deeply with infrastructure and engineering teams to embed security into development workflows, leading high-level technical discussions to guide security efforts and strategic priorities.

Multi-Cloud Engineering: Design, implement, and continuously improve Sigma Cloud Security across AWS, GCP, and Azure environments with architect-level technical depth.

Threat Modeling & IR: Conduct cloud threat modeling and demonstrate hands-on experience in Cloud Incident Response, including investigating and remediating malicious activity within cloud environments.

Identity & Access: Build IAM and privileged access strategy (RBAC/ABAC, federation, least privilege, cross-account access), eliminating standing privilege and long-lived credentials. Develop and enforce IAM best practices, including zero-trust models and privileged access controls across IaaS and SaaS.

Drive cloud data security controls including classification, encryption/KMS, masking/tokenization, access governance, retention/deletion, and exfiltration risk reduction across APIs and data pipelines.

Skills

Required

Cloud security architecture
Multi-cloud environments (AWS, GCP, Azure)
IAM
Data security
Infrastructure-as-code (Terraform)
Threat modeling
Incident Response
Network security
Scripting languages (Python, Go, PowerShell)
Container security
Kubernetes
CI/CD pipeline design

Nice to have

Experience securing data platforms (Snowflake, Databricks, BigQuery)
Experience in high-growth SaaS or data platforms Organizations
Prior experience in Platform Engineering, DevSecops
Professional-level cloud certifications

What the JD emphasized

builds security solutions—not just manages tools

automates aggressively

Minimum 7+ years in Security roles with at least 5+ years focused on Cloud security engineering,IAM, and Data security

Deep technical expertise in cloud architectures AWS/Azure/GCP

Strong infrastructure-as-code skills

Proven ability to demonstrate incident response experience specifically related to cloud-based malicious activity and breach remediation.

Advanced Cloud IAM expertise

Strong background in cloud network security

Strong proficiency in scripting languages (e.g., Python, Go, PowerShell) for automation, data analysis, and security tooling development.

About the Role

We are hiring a Senior, hands-on Cloud Security Engineer to secure a large-scale, cloud-native SaaS platform. This is an engineering-first role for someone who builds security solutions—not just manages tools.

You will be a SME for cloud security architecture across platform, IAM, network, workload, data, and AI enablement, and partner with Engineering, Security, and Product to implement scalable controls that support business growth. You’ll design secure architectures, embed controls into infrastructure-as-code, and build automated guardrails so teams can move fast without waiting on manual security approvals.

We’re looking for a builder-defender who thrives in complex cloud environments, automates aggressively (“let the robots do the work”), and can scale cloud security for a fast-moving SaaS company.

What You’ll Do

Architectural Leadership: Partner deeply with infrastructure and engineering teams to embed security into development workflows, leading high-level technical discussions to guide security efforts and strategic priorities.
Multi-Cloud Engineering: Design, implement, and continuously improve Sigma Cloud Security across AWS, GCP, and Azure environments with architect-level technical depth.
Threat Modeling & IR: Conduct cloud threat modeling and demonstrate hands-on experience in Cloud Incident Response, including investigating and remediating malicious activity within cloud environments.
Identity & Access: Build IAM and privileged access strategy (RBAC/ABAC, federation, least privilege, cross-account access), eliminating standing privilege and long-lived credentials. Develop and enforce IAM best practices, including zero-trust models and privileged access controls across IaaS and SaaS.
Drive cloud data security controls including classification, encryption/KMS, masking/tokenization, access governance, retention/deletion, and exfiltration risk reduction across APIs and data pipelines.
Develop automated remediation workflows for recurring cloud misconfigurations, drift, and policy violations to reduce manual effort and response time.
Security Stack Management: Deploy and manage cloud-native services (CSPM, CNAPP, DSPM, SIEM, DLP, WAF, Kubernetes, and container security).
Network Defense: Review and apply zero-trust principles through strict network segmentation, authentication, and authorization.
Automation: Develop sophisticated signatures/rules for cloud security and automate detection and response workflows.
AI : Use AI securely and effectively to scale security practices and improve team efficiency.
Continuous Evolution: Stay ahead of threats by leveraging intelligence, attack simulation, and red/blue team learnings.

What We’re Looking For

Minimum 7+ years in Security roles with at least 5+ years focused on Cloud security engineering,IAM, and Data security
Bachelor’s or Master’s degree in Computer Science, Cyber Security, or a related field.
Deep technical expertise in cloud architectures AWS/Azure/GCP; including IAM, networking (VPCs, security groups, PrivateLink), and native security services is strongly desired.
Strong infrastructure-as-code skills—you write Terraform professionally, not just read it.
Advanced understanding and experience with container security, Kubernetes, and secure CI/CD pipeline design
Proven ability to demonstrate incident response experience specifically related to cloud-based malicious activity and breach remediation.
Advanced Cloud IAM expertise: federation, SSO, PAM/JIT access, service identities, and least privilege design.
Strong background in cloud network security (segmentation, private connectivity, egress controls, WAF).
Strong proficiency in scripting languages (e.g., Python, Go, PowerShell) for automation, data analysis, and security tooling development.
Strong knowledge of security platforms such as CNAPP (Wiz), WAF (Cloudflare), SASE (Netskope)
Demonstrated ability to lead cloud/saas architecture reviews and influence senior engineering stakeholders.
Experience securing data platforms (nice to have) - Snowflake, Databricks, BigQuery etc.
Experience in high-growth SaaS or data platforms Organizations (nice-to have)
Prior experience in Platform Engineering, DevSecops or similar (nice-to have)
Certifications (Preferred): Professional-level cloud certifications are required, such as:

Why Sigma?

At Sigma, security is at the core of our mission. We power insights and innovation for our customers, and protecting their data is our highest priority. As a Senior Security Engineer, you will have the autonomy to shape our Security Engineering strategy, access to cutting-edge technologies, and the opportunity to solve real problems at scale.

Join us and be part of a security team that values collaboration, innovation, and resilience—while giving you the room to grow, lead, and leave your mark on Sigma’s security journey.

Additional Job details

The base salary range for this position is $210k - $240k annually.

Compensation may vary outside of this range depending on a number of factors, including a candidate’s qualifications, skills, competencies and experience. Base pay is one part of the Total Package that is provided to compensate and recognize employees for their work at Sigma Computing. This role is eligible for stock options, as well as a comprehensive benefits package.

About us:

Sigma is the AI apps and analytics platform connected to the cloud data warehouse. Using Sigma, business and technical teams can build intelligent, production-ready AI apps that accelerate and automate operational workflows. Sigma provides a spreadsheet interface, SQL and Python editors, visual builders, and native AI to help teams turn live data into interactive applications, analysis, reports, and embedded experiences.

Sigma announced its $200M in Series D financing in May 2024, to continue transforming BI through its innovations in AI infrastructure, data application development, enterprise-wide collaboration, and business user adoption. Spark Capital and Avenir Growth Capital co-led the Series D funding round, with additional participation from a group of past investors including Snowflake Ventures and Sutter Hill Ventures.The Series D funding, raised at a valuation 60% higher than the company’s Series C round three years ago, promises to further accelerate Sigma’s growth.

Come join us!

Benefits For Our Full-Time Employees:

Equity
Generous health benefits
Flexible time off policy. Take the time off you need!
Paid bonding time for all new parents
Traditional and Roth 401k
Commuter and FSA benefits
Lunch Program
Dog friendly office

Sigma Computing is an equal opportunity employer. We are committed to building a smart and strong team regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender, gender identity or expression, or veteran status. We look forward to learning how your experience can enable all of us to grow_._

Note: We have an in-office work environment in all our offices in SF, NYC, and London.

**Our Privacy Practices **

When you submit a job application on this site, Sigma processes your personal data for the purposes of evaluating your candidacy for employment at Sigma and as otherwise needed throughout the recruitment and hiring process. Please review Sigma’s Candidate Privacy Notice for more details. Please note that your personal data may be transferred to a country other than the one in which it was provided (including to USA, the UK, and Canada).

**Sigma’s use of AI **

This hiring process utilizes artificial intelligence tools to assist in candidate screening and assessment. Our AI tools are designed to complement, not replace, human decision-making.