Long Beach, CA, US

Job Term


Company Website

Who we’re looking for:

The Zwift InfoSec Team seeks a Lead Cloud Security Engineer to help build and grow security engineering operations for our cloud-based services platform. You will lead security due diligence efforts, plan security integrations, and collaborate with cloud and engineering teams to build resilient security focussed architecture. You will partner with key project stakeholders to review technology proposals, identify key security impacts, implement actionable plans to achieve remediation of security threats and dive deep into tactical security aspects of a cloud-based containerized service built from the ground up. Lead Cloud Security Engineers oversee and influence cross-functional teams with a keen focus on security due diligence and integration.

Successful Lead Cloud Security Engineers at Zwift are self-starters, able to work autonomously in ambiguous environments, and collaborative natural problem solvers with experience automating and integrating disparate technologies. You should have strong problem-solving skills, excellent communication skills, a deep technical understanding of modern cloud and containerized security threats, the ability to influence people from customers to managers through technical solutions, and the desire to be an integral contributor to securing Zwift’s systems and services technology platforms.

The Zwift InfoSec Team is responsible for the security and availability of all services offered by Zwift, as well as providing security support for teams leveraging those services. The Zwift InfoSec team works with service teams to design and build secure solutions, participate in and coordinate cross-organization security initiatives, review and audit proposed technologies and services, and solve security challenges at scale. This is an exciting and visible role – you will directly influence the security postures for Zwift products and services.


What you'll do:

  • Collaborate with Engineering teams across Zwift to design, build, and validate secure and scalable containerized architectures in the cloud.
  • Implement information security controls and patterns that support risk assessments and the development of secure architectures.
  • Collaborate with engineering teams to drive product roadmaps by providing security requirements that map security controls to service features.
  • Identify and mitigate risks throughout our corporate and production environments.
  • Provide continuous technical support and escalation management for security-related issues throughout Zwift.
  • Identify opportunities for process improvement, including the development and implementation of internal security tools, tactics, and procedures.
  • Provide security-related guidance and documentation.


What we’re looking for:

  • Bachelor's Degree in Computer Science or a related field
  • 10+ years of progressive security engineering experience; preferably within a professional services firm or similar environment working with startups and large security mature companies.
  • 8+ years of hands-on experience securing cloud applications and infrastructure (AWS strongly preferred).
  • 5+ years of hands-on experience operating and securing container-based infrastructures.
  • Excellent understanding/working knowledge of the public cloud infrastructure and services in AWS (IAM, VPC, KMS, CloudWatch, Systems Manager, S3, RDS, Route53, Lambda, AWS Config, etc.).
  • Excellent understanding of Docker and container orchestration with Kubernetes and experience running production Kubernetes clusters in Amazon EKS with a focus on Security
  • Experience implementing and leveraging centralized logging and monitoring solutions such as Elasticsearch, Kibana, Fluentd, Influxdb, Prometheus, Grafana, etc.
  • Proficient in Infrastructure as Code (IaC) languages such as Terraform
  • Understanding and experience with CI/CD security and its implementation
  • Understanding best practices in one or more Cloud Security Engineering specialties: secure development, cryptography, network security, security operations, systems security, policy, and incident response.
  • Excellent experience with scripting and automation (Python, Go, JS, C, C++, Java, Ruby, or PowerShell)
  • Socially confident with good organization, communication, and presentation skills.
  • Self-starter with strong analytical skills and a proactive approach to problem-solving.

The base salary for this position ranges between $107,000 - $190,000. The base salary will be based on a number of factors including the role offered, the individual's job-related knowledge, skills, qualifications, and geographic location. In addition to base salary, Zwift is proud to offer a comprehensive and competitive benefits package for all eligible employees which also includes performance bonuses, equity, and a full range of medical, financial, and other perks and benefits.


How to stand out among the rest:

Your resume/CV is enough to show off your skills, accomplishments, and experience. However, if you choose to include a cover letter introducing us to your awesome personality, we will read that too.

We strongly believe that different backgrounds and ideas are a competitive advantage; we hire candidates of any race, color, ancestry, religion, sex, national origin, sexual orientation, gender identity, age, marital or family status, disability, Veteran status, and any other status. Zwift is proud to be an Equal Opportunity Employer. If you have a disability or special need that requires accommodation, please let us know by emailing [email protected]

Zwift, Inc. is an Equal Opportunity Employer.

Transparency in Coverage: 

Health plan price transparency is designed to help consumers know the cost of covered items or healthcare-related services prior to the date upon which they receive care. Transparency in Coverage (TIC) regulations require health insurers and group health plans to create machine readable files (MRFs) that contain the negotiated rates for in-network providers and allowed amounts derived from historical claims for out-of-network providers and make those files publicly available.

Here is the link to the site on which Kaiser Permanente posts its in-network and out-of-network allowed amount machine-readable files (MRFs).

Here is the link to the site on which Anthem posts  its in-network and out-of-network allowed amount machine-readable files (MRFs). The link will allow you to search for your files using your Employer Identification Number (81-2798595)

Apply now