Senior Cloud Security Engineer

Who We Are:

 

Dedicated to making a difference in law enforcement agencies across the U.S., our mission is to transform policing by elevating officer performance with a preventative-based early intervention system. Driven by data science and powered by machine learning, our offering analyzes officer performance data in order to identify potentially problematic behavior. In partnership with the University of Chicago, we’ve developed the world’s largest multi-jurisdictional officer performance database, and the only research-driven, evidence-based early intervention system available in policing today.

We’re also the only provider of a fully integrated, cloud-based Software-as-a-Service (SaaS) platform that simplifies essential policing workflows. This platform is designed to be a single-source solution for all operational needs, driving extensive efficiency gains and providing best-in-class advanced analytics and insights.

Benchmark Analytics provides a comprehensive, all-in-one solution that is advancing police force management through state-of-the-art technology and market-leading data and analytics.

 

The Role:

 

We’re looking for a Senior Cloud Security Engineer to join our Infrastructure & Security team, owning the intersection of platform reliability, cloud infrastructure, and security. You’ll embed security practices directly into our engineering lifecycle and apply software engineering principles to build the internal platforms that let our developers ship securely and enable AI-assisted code development. Working closely with the Director of Infrastructure & Security, you’ll harden our AWS environment, mature our CI/CD pipelines, maintain our Kubernetes platform, and keep us audit-ready against CJIS and SOC 2 requirements. This is a high-ownership role spanning infrastructure, security, platform, and developer enablement, with the autonomy to make sound engineering tradeoffs, shape security decisions, and lead incident response.

 

Responsibilities:

 

  • Design, build, and maintain secure AWS infrastructure across standard and GovCloud environments
  • Own infrastructure-as-code (Terraform / OpenTofu) with a security-first mindset
  • Manage IAM strategy, least-privilege access controls, and cloud security posture
  • Own application observability and monitoring — instrumentation, dashboards, and alerting across infrastructure and application layers so issues surface before customers do
  • Operate and evolve our EKS-based platform including node lifecycle, workload isolation, and cluster security
  • Implement and maintain admission control, network policies, and runtime security tooling
  • Partner with engineering teams on deployment patterns and container security
  • Build and maintain secure, automated deployment pipelines (GitHub Actions)
  • Integrate SAST, dependency scanning, secrets detection, and container image scanning into the SDLC
  • Drive shift-left security practices across the engineering organization
  • Maintain and improve security controls aligned to CJIS Security Policy and SOC 2 Trust Services Criteria
  • Triage or resolve security alerts by working with engineering teams and/or committing code yourself
  • Manage vulnerability management workflows, prioritization, and remediation tracking
  • Support audit preparation, evidence collection, and control documentation
  • Monitor for threats and respond to security findings across cloud, application, and endpoint layers
  • Enforce and maintain software supply chain security across the organization
  • Serve as an on-call responder for infrastructure and security incidents
  • Drive post-incident reviews and own follow-up remediation items
  • Develop and refine runbooks, alerting, and on-call procedures
  • Identify and implement automation opportunities that reduce manual operational toil
  • Contribute to AI-assisted operations initiatives, including agentic workflows and observability improvements
  • Build and maintain an internal Agentic-based software factory platform to accelerate organization-wide agentic coding
  • Apply security controls to AI tooling and LLM-integrated systems as they are introduced
  • Build and maintain self-service infrastructure tooling that lets engineering teams ship securely without waiting on Infrastructure & Security teams
  • Create paved-path templates, modules, and golden pipelines that make the secure path the easy path
  • Improve the developer experience by identifying problems and automating, improving, and accelerating developers’ workflows through custom internal platform solutions
  • Provide internal documentation, office hours, and enablement sessions to level up engineering teams on cloud, security, and platform best practices

Job Qualifications:

 

Required

  • 5–8 years of experience in DevOps, DevSecOps, SRE, Cloud Engineering, or Platform Engineering roles
  • Strong hands-on AWS cloud infrastructure experience: EC2, EKS, IAM, VPC, S3, and related services
  • Production Kubernetes experience including cluster operations and workload security
  • Experience building and maintaining CI/CD pipelines with integrated security tooling
  • Working knowledge of SOC 2 or similar compliance frameworks and their operational implications
  • Infrastructure-as-code fluency with Terraform or OpenTofu
  • Strong incident response skills: you’ve been in the hot seat and know how to stay calm and methodical
  • Able to receive and respond constructively to feedback, and collaborate well with team members
  • Excellent written communication: you can document a runbook, write a post-mortem, and explain a technical risk to a non-technical stakeholder
  • Bachelor’s degree in Computer Science or equivalent professional experience

Nice to Have

  • Experience with CJIS Security Policy or other criminal justice / government data frameworks
  • AWS GovCloud experience
  • Familiarity with agentic AI workflows or LLM security considerations
  • Experience with observability platforms (Datadog, OpenTelemetry, or similar)
  • Contributions to security tooling, automation frameworks, or open-source projects
  • Experience working in an early-to-growth-stage startup environment

What We Offer:

 

  • A competitive salary and benefits package.
  • Unlimited Paid Time Off.
  • Ability to work in a fully remote environment (must be based in the U.S. and willing to work in Central Time Zone).
  • Summer Half-Day Fridays.
  • Freed Up Fridays during Spring, Fall, and Winter months to promote productivity and dedicated heads-down work time.
  • Medical, dental, and vision plan offerings along with 401(k).
  • Employer-paid Short-Term Disability, Long-Term Disability, and Life Insurance.
  • Other Voluntary Benefits include additional Life Insurance, Spouse Life Insurance, and Accident Insurance.
  • The satisfaction that comes with being part of a solution that has real impact in the world.
  • A diverse workforce and inclusive environment that embraces unique contributions and experiences.
  • An empowered culture that encourages creativity and professional growth.

Estimated Annual Salary Range for this Role:

 

  • $150k-$180k; based on role, experience, and location

Additional Information:

 

  • Benchmark Analytics is an Equal Opportunity Employer. We value diversity of all kinds in our effort to create a stellar workforce of committed and passionate team members.
  • Unfortunately, we are not able to sponsor employment visas at this time, so we can only accept applications from candidates who are authorized to work in the U.S.
  • If interested, please submit an application or email your resume to [email protected]