Security Site Reliability Engineer
Pura USA, Pleasant Grove, UT, United States
Security Site Reliability Engineer
You'll be the first dedicated Security SRE at Pura, reporting to the CISO. This is a high-impact, high-autonomy role where you'll own the security posture of our AWS and GCP environments. You'll work alongside our AppSec engineer and Security Director to protect the infrastructure that powers millions of connected devices, our API backends, and our growing suite of internal tools.
This isn't a "monitor dashboards and elevate" role. You'll be hands‑on — hardening infrastructure, enforcing secure patterns in Terraform, establishing security oversight of patching processes, and responding to the accelerating pace of vulnerability disclosures driven by AI-powered security research.
Our infrastructure is in good shape — 75%+ is managed via Terraform, secrets are centrally managed, and we have a solid engineering team handling reliability. What we need is someone who brings a security lens to all of it and makes our infrastructure defensible by default.
What You’ll Own
Own cloud infrastructure security across AWS and GCP — IAM policies, network segmentation, encryption at rest/in transit, and CIS benchmark compliance
Harden our IaC (Terraform) patterns — create secure modules, enforce policy‑as‑code (OPA/Sentinel/Checkov), and prevent misconfigurations before they reach production
Establish security oversight of patching — engineering owns patching execution; you verify coverage, flag gaps, and ensure critical vulnerabilities are remediated on schedule
Implement and manage cloud‑native security tooling — GuardDuty, Security Hub, Cloud Armor, Config Rules, and similar services
Support our Wazuh SIEM — maintain and extend cloud log ingestion (CloudTrail, VPC Flow Logs, GCP Audit Logs) and help tune detection rules after initial setup by a detection engineering contractor
Collaborate with engineering teams to make secure infrastructure patterns the path of least resistance, not a gate
Support ISO 27001 compliance efforts by maintaining evidence of infrastructure security controls (Vanta deployment planned Q3 2026)
Respond to security incidents involving infrastructure — contain, remediate, document, and improve
Qualifications
Must have:
3+ years in SRE, DevOps, or Infrastructure Engineering with a security focus (or security engineering with strong infrastructure skills)
Hands‑on experience with AWS (IAM, VPC, EKS/ECS, Security Hub, GuardDuty, CloudTrail, Config)
Working experience with GCP (doesn't need to be as deep as AWS)
Strong Terraform skills — written modules, not just applied them
Experience with Kubernetes security — RBAC, network policies, pod security standards, image scanning
Solid understanding of Linux systems administration and OS‑level hardening
Comfortable scripting in Go, TypeScript, Python, or Bash for automation and tooling
Experience with centralized logging — bonus if you've worked with Wazuh, but ELK/Datadog/Grafana experience translates
Nice to have
Experience with Wazuh (our SIEM platform)
Familiarity with policy‑as‑code frameworks (OPA, Sentinel, Checkov)
Experience with container security scanning (Trivy, Snyk Container, Aqua, etc.)
Background in incident response from an infrastructure perspective
Experience securing IoT backend infrastructure or high‑volume device API traffic
Experience with ISO 27001 or similar compliance frameworks
Relevant certifications (AWS Security Specialty, CKS, etc.)
Who you are
You default to automation over manual processes
You think in terms of blast radius and defense in depth
You can explain infrastructure security concepts to application developers without condescension
You're comfortable being the first person in a role and building the playbook
You stay current on cloud security threats and vulnerability disclosures
You're excited to grow — this role has a clear path to senior as the security program matures
Pura provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type ... without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws.
All candidates are subject to a background check.
#J-18808-Ljbffr
You'll be the first dedicated Security SRE at Pura, reporting to the CISO. This is a high-impact, high-autonomy role where you'll own the security posture of our AWS and GCP environments. You'll work alongside our AppSec engineer and Security Director to protect the infrastructure that powers millions of connected devices, our API backends, and our growing suite of internal tools.
This isn't a "monitor dashboards and elevate" role. You'll be hands‑on — hardening infrastructure, enforcing secure patterns in Terraform, establishing security oversight of patching processes, and responding to the accelerating pace of vulnerability disclosures driven by AI-powered security research.
Our infrastructure is in good shape — 75%+ is managed via Terraform, secrets are centrally managed, and we have a solid engineering team handling reliability. What we need is someone who brings a security lens to all of it and makes our infrastructure defensible by default.
What You’ll Own
Own cloud infrastructure security across AWS and GCP — IAM policies, network segmentation, encryption at rest/in transit, and CIS benchmark compliance
Harden our IaC (Terraform) patterns — create secure modules, enforce policy‑as‑code (OPA/Sentinel/Checkov), and prevent misconfigurations before they reach production
Establish security oversight of patching — engineering owns patching execution; you verify coverage, flag gaps, and ensure critical vulnerabilities are remediated on schedule
Implement and manage cloud‑native security tooling — GuardDuty, Security Hub, Cloud Armor, Config Rules, and similar services
Support our Wazuh SIEM — maintain and extend cloud log ingestion (CloudTrail, VPC Flow Logs, GCP Audit Logs) and help tune detection rules after initial setup by a detection engineering contractor
Collaborate with engineering teams to make secure infrastructure patterns the path of least resistance, not a gate
Support ISO 27001 compliance efforts by maintaining evidence of infrastructure security controls (Vanta deployment planned Q3 2026)
Respond to security incidents involving infrastructure — contain, remediate, document, and improve
Qualifications
Must have:
3+ years in SRE, DevOps, or Infrastructure Engineering with a security focus (or security engineering with strong infrastructure skills)
Hands‑on experience with AWS (IAM, VPC, EKS/ECS, Security Hub, GuardDuty, CloudTrail, Config)
Working experience with GCP (doesn't need to be as deep as AWS)
Strong Terraform skills — written modules, not just applied them
Experience with Kubernetes security — RBAC, network policies, pod security standards, image scanning
Solid understanding of Linux systems administration and OS‑level hardening
Comfortable scripting in Go, TypeScript, Python, or Bash for automation and tooling
Experience with centralized logging — bonus if you've worked with Wazuh, but ELK/Datadog/Grafana experience translates
Nice to have
Experience with Wazuh (our SIEM platform)
Familiarity with policy‑as‑code frameworks (OPA, Sentinel, Checkov)
Experience with container security scanning (Trivy, Snyk Container, Aqua, etc.)
Background in incident response from an infrastructure perspective
Experience securing IoT backend infrastructure or high‑volume device API traffic
Experience with ISO 27001 or similar compliance frameworks
Relevant certifications (AWS Security Specialty, CKS, etc.)
Who you are
You default to automation over manual processes
You think in terms of blast radius and defense in depth
You can explain infrastructure security concepts to application developers without condescension
You're comfortable being the first person in a role and building the playbook
You stay current on cloud security threats and vulnerability disclosures
You're excited to grow — this role has a clear path to senior as the security program matures
Pura provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type ... without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws.
All candidates are subject to a background check.
#J-18808-Ljbffr