Security Engineer (L5), Cloud Security

Netflix is one of the world's leading entertainment services, with 283 million paid memberships in over 190 countries enjoying TV series, films and games across a wide variety of genres and languages. Members can play, pause and resume watching as much as they want, anytime, anywhere, and can change their plans at any time.

As a Cloud Security Engineer, you will design and implement patterns of cloud access and cloud security boundaries that securely enable new Netflix business verticals such as Live Streaming, Ads, and Games. This work primarily involves solving cloud access management challenges in collaboration with software engineering teams, and strategic design of new paved paths in collaboration with platform engineering teams. You will leverage our existing cloud security capabilities, and design new cloud security strategies/archetypes/magic to discover, self-serve, right-size, and manage cloud resources while maintaining operational excellence to managing cloud security risk.

This is a distinct role within Cloud Security, to expand our capacity for paving paths that enable the success of Netflix's emerging product areas, developer experiments, and acquisitions. The role is highly collaborative while applying and building your cloud security expertise for guidance and cloud security strategy development. This role is rewarding for people who want to use Netflix's mature cloud security toolkit like a set of building blocks to solve problems, while also identifying opportunities to develop new building blocks that exponentially extend our toolbox and reduce operations toil. Note: This role is not responsible for cloud security software development, but light scripting is valuable for informing decisions.

The Team

Netflix Cloud Security, within the wider Security Engineering Organization, is responsible for securing our cloud environments. Netflix operates our streaming service control plane on Amazon Web Services, which has led to one of the largest and most sophisticated AWS environments in the world. 

Netflix's Cloud Security tooling includes robust capabilities around Infrastructure as Code, secure configuration orchestration for IAM policies and SCPs, and cloud access and credential management for both developers and applications. In particular, we focus on access and configuration of cloud-native abstractions, while other teams are responsible for securing the data plane and for what happens within each instance (e.g., system security or the content of an S3 bucket). Our work takes the form of tool development (integrated with our cloud infrastructure platform), as well as cloud security operations, guidance, and strategy.

Our team operates through empathetic accountability, humanely candid feedback, proactive communication, and inclusion, in order to cultivate a psychologically safe and productive work environment. To learn more about this team, watch our past talks from AWS re:Invent on ,, and. You can also explore the team’s open source software and prior contributions:,,, and.

What you'll need to be successful:

• You have a broad understanding of AWS or GCP security fundamentals, particularly cloud IAM (hey you! don't disqualify yourself by underestimating your expertise)

• You have experience collaborating with product teams to understand their business needs and designing appropriate cloud security solutions to address them.

• You can communicate good, to convey complex technical issues cross-functionally through written and verbal communication

• You take a pragmatic approach by engaging transparently with the nuances and tradeoffs of security risk

• You believe a diverse and inclusive team is a critical aspect of a sustainable and effective work environment

• You thrive by identifying high-leverage work and doing it without explicit direction

Nice to have:

• Experience securing challenging 3rd-party cloud infrastructure access patterns such as vendor integrations

• Experience defining insightful metrics to guide our cloud security posture or progress.

• GCP security expertise

No certifications or degrees are required for this role.

We are looking for a thoughtful professional who enables our mission and supports our unique . We encourage you to ask questions to understand how we strive to create a safe and productive work environment.

Compensation:

Generally, our compensation structure consists solely of an annual salary; we do not have bonuses. You choose each year how much of your compensation you want in salary versus stock options. To determine your personal top of market compensation, we rely on market indicators and consider your specific job family, background, skills, and experience to determine your compensation in the market range. The range for this role is 100,000 - $720,000.

Benefits:

Netflix provides comprehensive benefits including Health Plans, Mental Health support, a 401(k) Retirement Plan with employer match, Stock Option Program, Disability Programs, Health Savings and Flexible Spending Accounts, Family-forming benefits, and Life and Serious Injury Benefits. We also offer paid leave of absence programs.  Full-time hourly employees accrue 35 days annually for paid time off to be used for vacation, holidays, and sick paid time off. Full-time salaried employees are immediately entitled to flexible time off. See more detail about our Benefits here

Culture: 

Netflix is a unique culture and environment.  Learn more .

We are an equal-opportunity employer and celebrate diversity, recognizing that diversity of thought and background builds stronger teams. We approach diversity and inclusion seriously and thoughtfully. We do not discriminate on the basis of race, religion, color, ancestry, national origin, caste, sex, sexual orientation, gender, gender identity or expression, age, disability, medical condition, pregnancy, genetic makeup, marital status, or military service.

Job is open for no less than 7 days and will be removed when the position is filled.

is a Netflix value and we strive to host a meaningful interview experience for all candidates. If you want an accommodation/adjustment for a disability or any other reason during the hiring process, please send a request to your recruiting partner.

We are an equal-opportunity employer and celebrate diversity, recognizing that diversity builds stronger teams. We approach diversity and inclusion seriously and thoughtfully. We do not discriminate on the basis of race, religion, color, ancestry, national origin, caste, sex, sexual orientation, gender, gender identity or expression, age, disability, medical condition, pregnancy, genetic makeup, marital status, or military service.

Job is open for no less than 7 days and will be removed when the position is filled.