Senior Cloud & Application Security Engineer | Valon | Remote (United States)
Posted 2025-09-08
Remote, USA
Full Time
Immediate Start
<p class=" text-gray-200 text-base sm:text-lg leading-relaxed mb-3"><strong class=" font-semibold">About the Company</strong></p>
<p class=" text-gray-200 text-base sm:text-lg leading-relaxed mb-3">Valon’s mission is to empower every homeowner. We believe the journey of home ownership starts when you get your keys, but lasts far beyond. We’re creating a world where home ownership comes with ease, security, and financial know-how. Our growing team of engineers, operators, product enthusiasts, and experienced servicing professionals are leveraging technology to fundamentally improve the homeownership experience. Through mortgage servicing—the process of paying off one’s mortgage—Valon is taking the first step in transforming the industry one homeowner, and lender, at a time.</p>
<h3 class=" text-white font-semibold text-lg mb-2"><strong class=" font-semibold">About the Team</strong></h3>
<p class=" text-gray-200 text-base sm:text-lg leading-relaxed mb-3">Our customers entrust us with some of their most sensitive and personal financial information, and it is the ultimate mission of Valon’s Security team to ensure we have sound programs, processes, and automation in place to safeguard our customers’ data. The Security team protects the infrastructure and data for processing billions of dollars of mortgage loans. We work cross-functionally with product, engineering, IT, legal, and more to enable security throughout the organization. We engage with external security auditors, pentesting firms, and partners to continuously evaluate Valon’s security posture.</p>
<h3 class=" text-white font-semibold text-lg mb-2"><strong class=" font-semibold">About the Role</strong></h3>
<p class=" text-gray-200 text-base sm:text-lg leading-relaxed mb-3">We are seeking an experienced and skilled Senior Security Engineer (Cloud Platform and Application Security) to join our growing team! As a key security member at Valon, you will play a critical role in ensuring the security of our organization’s systems, cloud infrastructure, products and data. This position requires a deep understanding of security technologies, cloud platform and application security, secure SDLC practices, security risk and controls, and the ability to collaborate with cross-functional teams to ensure we protect our most critical assets to uphold trust with our customers and stakeholders.</p>
<h2><strong class=" font-semibold">Responsibilities</strong></h2>
<ul class=" text-base sm:text-lg marker:text-color list-inside list-disc text-gray-500 list-disc list-outside pl-3 mb-6">
<li class=" leading-snug mb-2 pl-2"><span class="text-gray-200">Cloud Security Design and Implementation: Develop and implement security architectures for cloud platforms (e.g., Google Cloud, AWS) that ensure the confidentiality, integrity, and availability of our cloud resources</span></li>
<li class=" leading-snug mb-2 pl-2"><span class="text-gray-200">Application Security: Conduct security assessments, support code reviews, and vulnerability scanning to identify and mitigate risks in applications. Collaborate with engineering teams to integrate DevSecOps practices into the Software Development Life Cycle (SDLC)</span></li>
<li class=" leading-snug mb-2 pl-2"><span class="text-gray-200">Conduct in-depth analysis of security events, incidents, and vulnerabilities to identify root causes and recommend corrective actions</span></li>
<li class=" leading-snug mb-2 pl-2"><span class="text-gray-200">Manage and optimize security tools such as CSPM, CIEM, CDR, DSPM, SAST/DAST, SCA and/or related technologies</span></li>
<li class=" leading-snug mb-2 pl-2"><span class="text-gray-200">Assist in vulnerability assessments and penetration testing activities including remediating security issues</span></li>
<li class=" leading-snug mb-2 pl-2"><span class="text-gray-200">Collaborate with other teams to ensure the effective integration of security controls across the organization including infrastructure and applications</span></li>
<li class=" leading-snug mb-2 pl-2"><span class="text-gray-200">Develop, implement, and enforce security policies, standards, and procedures</span></li>
<li class=" leading-snug mb-2 pl-2"><span class="text-gray-200">Maintain accurate and up-to-date documentation of security processes, procedures, and configurations</span></li>
<li class=" leading-snug mb-2 pl-2"><span class="text-gray-200">Develop security metrics and reporting for management review</span></li>
<li class=" leading-snug mb-2 pl-2"><span class="text-gray-200">Support operational activities including security advisory and design, vendor security reviews, issue remediation, security awareness and training, and other processes</span></li>
<li class=" leading-snug mb-2 pl-2"><span class="text-gray-200">Support audit and compliance activities for various security domains</span></li>
</ul>
<h3 class=" text-white font-semibold text-lg mb-2"><strong class=" font-semibold">Ideal Background</strong></h3>
<ul class=" text-base sm:text-lg marker:text-color list-inside list-disc text-gray-500 list-disc list-outside pl-3 mb-6">
<li class=" leading-snug mb-2 pl-2"><span class="text-gray-200">Proven experience in a security engineer or related role, with a focus on cloud platform and infrastructure security, application/product security, detection and response, and/or vulnerability management.</span></li>
<li class=" leading-snug mb-2 pl-2"><span class="text-gray-200">In-depth knowledge and implementation of platform and application security technologies, including CSPM, CIEM, CDR, DSPM, SAST/DAST, SCA and/or related vulnerability and security management tools.</span></li>
<li class=" leading-snug mb-2 pl-2"><span class="text-gray-200">Strong understanding of application development, code reviews, networking protocols, configuration management, infrastructure security or related domains</span></li>
<li class=" leading-snug mb-2 pl-2"><span class="text-gray-200">Experience with cloud security and environments (strong GCP experience is preferred)</span></li>
<li class=" leading-snug mb-2 pl-2"><span class="text-gray-200">Ability to work autonomously and navigate complex efforts including driving multiple projects</span></li>
<li class=" leading-snug mb-2 pl-2"><span class="text-gray-200">Ability to foster strong relationships and partner with stakeholders to drive results</span></li>
<li class=" leading-snug mb-2 pl-2"><span class="text-gray-200">Excellent communication and collaboration skills, with the ability to explain complex security concepts to technical and non-technical stakeholders</span></li>
<li class=" leading-snug mb-2 pl-2"><span class="text-gray-200">Knowledge of security and compliance frameworks and requirements (OWASP, SOC 2, NIST, ISO, CIS, etc.)</span></li>
<li class=" leading-snug mb-2 pl-2"><span class="text-gray-200">Experience or exposure to startup environments is a plus</span></li>
</ul>
<h3 class=" text-white font-semibold text-lg mb-2">Minimum Qualifications</h3>
<ul class=" text-base sm:text-lg marker:text-color list-inside list-disc text-gray-500 list-disc list-outside pl-3 mb-6">
<li class=" leading-snug mb-2 pl-2"><span class="text-gray-200">Minimum of 5 years as a technical security engineer with relevant responsibilities and background</span></li>
<li class=" leading-snug mb-2 pl-2"><span class="text-gray-200">Bachelor’s degree in Computer Science, Information Security, Technology, or a related field</span></li>
<li class=" leading-snug mb-2 pl-2"><span class="text-gray-200">Relevant security certifications (e.g., CISSP, CISM, CCSK, CCSP). Google Cloud Security Engineer or related certificates are a plus.</span></li>
<li class=" leading-snug mb-2 pl-2"><span class="text-gray-200">Strong knowledge of cloud environments</span></li>
<li class=" leading-snug mb-2 pl-2"><span class="text-gray-200">Experience with security technologies (specifically cloud platform and application security tools above)</span></li>
</ul>
<h3 class=" text-white font-semibold text-lg mb-2"><strong class=" font-semibold">Benefits</strong></h3>
<ul class=" text-base sm:text-lg marker:text-color list-inside list-disc text-gray-500 list-disc list-outside pl-3 mb-6">
<li class=" leading-snug mb-2 pl-2"><span class="text-gray-200">Base salary band: $170,000 – $200,000</span></li>
<li class=" leading-snug mb-2 pl-2"><span class="text-gray-200">Compensation: competitive salary with a meaningful stake in the company via equity and our performance bonus program and 401k plan</span></li>
<li class=" leading-snug mb-2 pl-2"><span class="text-gray-200">Health & well-being: we’ll invest in your physical and mental well-being with comprehensive medical, dental, & vision benefits, One medical membership, and Talkspace to provide mental health support</span></li>
<li class=" leading-snug mb-2 pl-2"><span class="text-gray-200">Food & meals: in-office snacks and drinks, and $400 monthly stipend towards your lunches or groceries</span></li>
<li class=" leading-snug mb-2 pl-2"><span class="text-gray-200">Commuter benefits: We offer pre-tax deductions for public transportation, rideshare services, and parking expenses to make your commute more affordable and convenient.</span></li>
<li class=" leading-snug mb-2 pl-2"><span class="text-gray-200">Grow together: Company wide orientation for you to successfully onboard and other learning & development opportunities including regular review cycles that feature 360 degree feedback</span></li>
<li class=" leading-snug mb-2 pl-2"><span class="text-gray-200">Play together: quarterly budgets for team and company outings. Use it for team swag, cooking classes or team dinners!</span></li>
<li class=" leading-snug mb-2 pl-2"><span class="text-gray-200">Generous time off: flexible paid time off, sick days, and 11 company holidays</span></li>
<li class=" leading-snug mb-2 pl-2"><span class="text-gray-200">Baby bonding time!: 3 months off for birthing parents and 2 months off for non-birthing parents – fully paid so you can focus your energy on your newest addition</span></li>
</ul>
<p class=" text-gray-200 text-base sm:text-lg leading-relaxed mb-3">This Base Compensation pay range applies to our New York City located staff and may differ according to location.</p>
<p class=" text-gray-200 text-base sm:text-lg leading-relaxed mb-3">New York Base Compensation Pay Range</p>
<p class=" text-gray-200 text-base sm:text-lg leading-relaxed mb-3">$170,000—$200,000 USD</p>
<p class=" text-gray-200 text-base sm:text-lg leading-relaxed mb-3"><em>Throughout the interview process, please remember that emails will only be from</em> <a href="http://valon.com/" target="_blank" class="break-all font-medium underline hover:opacity-75" rel="noopener noreferrer nofollow"><em>valon.com</em></a> <em>emails. We won’t ever be asking for any personally identifiable information during the interview process itself. Please reach out to talent@valon.com if you have any requests to verify the authenticity of an outreach.</em></p>
<p class=" text-gray-200 text-base sm:text-lg leading-relaxed mb-3"><em>Valon is an equal opportunity employer that is committed to diversity and inclusion in the workplace. We prohibit discrimination and harassment of any kind based on race, color, sex, religion, sexual orientation, national origin, disability, genetic information, pregnancy, or any other protected characteristic as outlined by federal, state, or local laws. Valon makes hiring decisions based solely on qualifications, merit, and business needs at the time.</em></p>
<p class=" text-gray-200 text-base sm:text-lg leading-relaxed mb-3">Valon’s mission is to empower every homeowner. We believe the journey of home ownership starts when you get your keys, but lasts far beyond. We’re creating a world where home ownership comes with ease, security, and financial know-how. Our growing team of engineers, operators, product enthusiasts, and experienced servicing professionals are leveraging technology to fundamentally improve the homeownership experience. Through mortgage servicing—the process of paying off one’s mortgage—Valon is taking the first step in transforming the industry one homeowner, and lender, at a time.</p>
<h3 class=" text-white font-semibold text-lg mb-2"><strong class=" font-semibold">About the Team</strong></h3>
<p class=" text-gray-200 text-base sm:text-lg leading-relaxed mb-3">Our customers entrust us with some of their most sensitive and personal financial information, and it is the ultimate mission of Valon’s Security team to ensure we have sound programs, processes, and automation in place to safeguard our customers’ data. The Security team protects the infrastructure and data for processing billions of dollars of mortgage loans. We work cross-functionally with product, engineering, IT, legal, and more to enable security throughout the organization. We engage with external security auditors, pentesting firms, and partners to continuously evaluate Valon’s security posture.</p>
<h3 class=" text-white font-semibold text-lg mb-2"><strong class=" font-semibold">About the Role</strong></h3>
<p class=" text-gray-200 text-base sm:text-lg leading-relaxed mb-3">We are seeking an experienced and skilled Senior Security Engineer (Cloud Platform and Application Security) to join our growing team! As a key security member at Valon, you will play a critical role in ensuring the security of our organization’s systems, cloud infrastructure, products and data. This position requires a deep understanding of security technologies, cloud platform and application security, secure SDLC practices, security risk and controls, and the ability to collaborate with cross-functional teams to ensure we protect our most critical assets to uphold trust with our customers and stakeholders.</p>
<h2><strong class=" font-semibold">Responsibilities</strong></h2>
<ul class=" text-base sm:text-lg marker:text-color list-inside list-disc text-gray-500 list-disc list-outside pl-3 mb-6">
<li class=" leading-snug mb-2 pl-2"><span class="text-gray-200">Cloud Security Design and Implementation: Develop and implement security architectures for cloud platforms (e.g., Google Cloud, AWS) that ensure the confidentiality, integrity, and availability of our cloud resources</span></li>
<li class=" leading-snug mb-2 pl-2"><span class="text-gray-200">Application Security: Conduct security assessments, support code reviews, and vulnerability scanning to identify and mitigate risks in applications. Collaborate with engineering teams to integrate DevSecOps practices into the Software Development Life Cycle (SDLC)</span></li>
<li class=" leading-snug mb-2 pl-2"><span class="text-gray-200">Conduct in-depth analysis of security events, incidents, and vulnerabilities to identify root causes and recommend corrective actions</span></li>
<li class=" leading-snug mb-2 pl-2"><span class="text-gray-200">Manage and optimize security tools such as CSPM, CIEM, CDR, DSPM, SAST/DAST, SCA and/or related technologies</span></li>
<li class=" leading-snug mb-2 pl-2"><span class="text-gray-200">Assist in vulnerability assessments and penetration testing activities including remediating security issues</span></li>
<li class=" leading-snug mb-2 pl-2"><span class="text-gray-200">Collaborate with other teams to ensure the effective integration of security controls across the organization including infrastructure and applications</span></li>
<li class=" leading-snug mb-2 pl-2"><span class="text-gray-200">Develop, implement, and enforce security policies, standards, and procedures</span></li>
<li class=" leading-snug mb-2 pl-2"><span class="text-gray-200">Maintain accurate and up-to-date documentation of security processes, procedures, and configurations</span></li>
<li class=" leading-snug mb-2 pl-2"><span class="text-gray-200">Develop security metrics and reporting for management review</span></li>
<li class=" leading-snug mb-2 pl-2"><span class="text-gray-200">Support operational activities including security advisory and design, vendor security reviews, issue remediation, security awareness and training, and other processes</span></li>
<li class=" leading-snug mb-2 pl-2"><span class="text-gray-200">Support audit and compliance activities for various security domains</span></li>
</ul>
<h3 class=" text-white font-semibold text-lg mb-2"><strong class=" font-semibold">Ideal Background</strong></h3>
<ul class=" text-base sm:text-lg marker:text-color list-inside list-disc text-gray-500 list-disc list-outside pl-3 mb-6">
<li class=" leading-snug mb-2 pl-2"><span class="text-gray-200">Proven experience in a security engineer or related role, with a focus on cloud platform and infrastructure security, application/product security, detection and response, and/or vulnerability management.</span></li>
<li class=" leading-snug mb-2 pl-2"><span class="text-gray-200">In-depth knowledge and implementation of platform and application security technologies, including CSPM, CIEM, CDR, DSPM, SAST/DAST, SCA and/or related vulnerability and security management tools.</span></li>
<li class=" leading-snug mb-2 pl-2"><span class="text-gray-200">Strong understanding of application development, code reviews, networking protocols, configuration management, infrastructure security or related domains</span></li>
<li class=" leading-snug mb-2 pl-2"><span class="text-gray-200">Experience with cloud security and environments (strong GCP experience is preferred)</span></li>
<li class=" leading-snug mb-2 pl-2"><span class="text-gray-200">Ability to work autonomously and navigate complex efforts including driving multiple projects</span></li>
<li class=" leading-snug mb-2 pl-2"><span class="text-gray-200">Ability to foster strong relationships and partner with stakeholders to drive results</span></li>
<li class=" leading-snug mb-2 pl-2"><span class="text-gray-200">Excellent communication and collaboration skills, with the ability to explain complex security concepts to technical and non-technical stakeholders</span></li>
<li class=" leading-snug mb-2 pl-2"><span class="text-gray-200">Knowledge of security and compliance frameworks and requirements (OWASP, SOC 2, NIST, ISO, CIS, etc.)</span></li>
<li class=" leading-snug mb-2 pl-2"><span class="text-gray-200">Experience or exposure to startup environments is a plus</span></li>
</ul>
<h3 class=" text-white font-semibold text-lg mb-2">Minimum Qualifications</h3>
<ul class=" text-base sm:text-lg marker:text-color list-inside list-disc text-gray-500 list-disc list-outside pl-3 mb-6">
<li class=" leading-snug mb-2 pl-2"><span class="text-gray-200">Minimum of 5 years as a technical security engineer with relevant responsibilities and background</span></li>
<li class=" leading-snug mb-2 pl-2"><span class="text-gray-200">Bachelor’s degree in Computer Science, Information Security, Technology, or a related field</span></li>
<li class=" leading-snug mb-2 pl-2"><span class="text-gray-200">Relevant security certifications (e.g., CISSP, CISM, CCSK, CCSP). Google Cloud Security Engineer or related certificates are a plus.</span></li>
<li class=" leading-snug mb-2 pl-2"><span class="text-gray-200">Strong knowledge of cloud environments</span></li>
<li class=" leading-snug mb-2 pl-2"><span class="text-gray-200">Experience with security technologies (specifically cloud platform and application security tools above)</span></li>
</ul>
<h3 class=" text-white font-semibold text-lg mb-2"><strong class=" font-semibold">Benefits</strong></h3>
<ul class=" text-base sm:text-lg marker:text-color list-inside list-disc text-gray-500 list-disc list-outside pl-3 mb-6">
<li class=" leading-snug mb-2 pl-2"><span class="text-gray-200">Base salary band: $170,000 – $200,000</span></li>
<li class=" leading-snug mb-2 pl-2"><span class="text-gray-200">Compensation: competitive salary with a meaningful stake in the company via equity and our performance bonus program and 401k plan</span></li>
<li class=" leading-snug mb-2 pl-2"><span class="text-gray-200">Health & well-being: we’ll invest in your physical and mental well-being with comprehensive medical, dental, & vision benefits, One medical membership, and Talkspace to provide mental health support</span></li>
<li class=" leading-snug mb-2 pl-2"><span class="text-gray-200">Food & meals: in-office snacks and drinks, and $400 monthly stipend towards your lunches or groceries</span></li>
<li class=" leading-snug mb-2 pl-2"><span class="text-gray-200">Commuter benefits: We offer pre-tax deductions for public transportation, rideshare services, and parking expenses to make your commute more affordable and convenient.</span></li>
<li class=" leading-snug mb-2 pl-2"><span class="text-gray-200">Grow together: Company wide orientation for you to successfully onboard and other learning & development opportunities including regular review cycles that feature 360 degree feedback</span></li>
<li class=" leading-snug mb-2 pl-2"><span class="text-gray-200">Play together: quarterly budgets for team and company outings. Use it for team swag, cooking classes or team dinners!</span></li>
<li class=" leading-snug mb-2 pl-2"><span class="text-gray-200">Generous time off: flexible paid time off, sick days, and 11 company holidays</span></li>
<li class=" leading-snug mb-2 pl-2"><span class="text-gray-200">Baby bonding time!: 3 months off for birthing parents and 2 months off for non-birthing parents – fully paid so you can focus your energy on your newest addition</span></li>
</ul>
<p class=" text-gray-200 text-base sm:text-lg leading-relaxed mb-3">This Base Compensation pay range applies to our New York City located staff and may differ according to location.</p>
<p class=" text-gray-200 text-base sm:text-lg leading-relaxed mb-3">New York Base Compensation Pay Range</p>
<p class=" text-gray-200 text-base sm:text-lg leading-relaxed mb-3">$170,000—$200,000 USD</p>
<p class=" text-gray-200 text-base sm:text-lg leading-relaxed mb-3"><em>Throughout the interview process, please remember that emails will only be from</em> <a href="http://valon.com/" target="_blank" class="break-all font-medium underline hover:opacity-75" rel="noopener noreferrer nofollow"><em>valon.com</em></a> <em>emails. We won’t ever be asking for any personally identifiable information during the interview process itself. Please reach out to talent@valon.com if you have any requests to verify the authenticity of an outreach.</em></p>
<p class=" text-gray-200 text-base sm:text-lg leading-relaxed mb-3"><em>Valon is an equal opportunity employer that is committed to diversity and inclusion in the workplace. We prohibit discrimination and harassment of any kind based on race, color, sex, religion, sexual orientation, national origin, disability, genetic information, pregnancy, or any other protected characteristic as outlined by federal, state, or local laws. Valon makes hiring decisions based solely on qualifications, merit, and business needs at the time.</em></p>