Staff Cloud Security Engineer

Temporal Technologies · USA

🏠 Remote · 📅 2 Jun 2026

Job Description

About Temporal Technologies

Temporal is an open-source programming model designed to simplify code, enhance application reliability, and empower developers to focus on delivering features faster. Our mission is to be the dependable foundation for every developer's toolkit, and we are actively building the team to achieve this. Our core values—curiosity, drive, collaboration, genuineness, and humility—guide our actions, decisions, and teamwork.

We are a growing company seeking individuals who share our values, challenge conventional thinking, and are eager to influence our future. If you are passionate about improving the developer experience, building world-class open-source software and communities, and want to be part of an exceptional team, we encourage you to apply.

About the Role: Staff Cloud Security Engineer

Join our dynamic team as a Staff Cloud Security Engineer. In this pivotal role, you will be responsible for securing the Temporal cloud environment for our customers. You will collaborate closely with our infrastructure and software engineering teams, as well as our customers, to embed security deeply into our platform across multiple cloud providers. A key aspect of this role will be shaping our responsible use of AI in both infrastructure and engineering processes. We are looking for individuals passionate about enabling engineering teams to build and ship securely, acting as trusted security partners across the organization.

Key Responsibilities

  • Collaborate with product and engineering teams to integrate security principles into the design and architecture of cloud infrastructure across multiple clouds (AWS, GCP, Azure, and others).
  • Secure Temporal's core platform components, including the workflow engine, task queue architecture, and worker execution model, identifying attack surfaces unique to durable, stateful distributed systems.
  • Conduct threat modeling and risk assessments to identify vulnerabilities and potential attack vectors across our multi-cloud environment, with a particular focus on workflow execution, task queue integrity, and client-server trust boundaries.
  • Secure Temporal's gRPC-based communication layer, including mTLS certificate management, service mesh configuration, and API authentication.
  • Manage cloud security posture using tools such as Wiz, including misconfiguration detection, compliance monitoring, and remediation across all three cloud providers.
  • Stay current on emerging cloud security standards and guidance (e.g., CSA Cloud Controls Matrix, CIS Benchmarks) and translate these into actionable internal policy.
  • Participate in an on-call rotation.

Requirements

  • Bachelor’s degree in Computer Science, Cybersecurity, or a related field (or equivalent experience).
  • 5+ years of experience in cloud security or a related role.
  • Proven experience partnering with engineering teams, providing security expertise for infrastructure access and security posture.
  • Experience with Kubernetes security posture management and auditing, including workload hardening, RBAC design, and admission control.
  • Demonstrated experience with multi-tenant security architecture, including data plane isolation, control plane hardening, and cross-tenant data leakage prevention.
  • Strong perspectives on the use of AI in various areas (assessments, threat models, penetration testing, etc.).
  • A deep understanding of application architecture and design principles, with the ability to effectively identify vulnerabilities across multiple programming languages.
  • Experience with secrets management at scale (e.g., HashiCorp Vault, AWS Secrets Manager) and payload encryption patterns such as codec servers for protecting sensitive workflow data.
  • Proficiency in Go; familiarity with Python. (Go is Temporal's primary server and SDK language.)
  • Strong command of gRPC security, mTLS, and service mesh architectures (Istio, Envoy).
  • Excellent communication skills, with the ability to explain complex security concepts to non-technical stakeholders.
  • Excellent collaboration skills.

Nice to Have

  • Prior experience with Temporal, Cadence, or similar workflow orchestration platforms, and an understanding of workflow history, replay semantics, and scheduling internals.
  • Experience with FedRAMP, SOC 2 Type II, or ISO 27001, particularly in the context of cloud-native SaaS.
  • Contributions to open-source automation projects.
  • Expertise in other security domains (AppSec, CorpSec, GRC).
  • Experience giving security conference talks or publishing research.

Compensation and Benefits

  • Estimated Salary Range: $225,000 - $275,000, depending on qualifications and location.
  • Eligible to participate in Temporal's equity plan.

U.S. Benefits:

  • Unlimited Paid Time Off (PTO), 12 Holidays + 2 Floating Holidays.
  • 100% premium coverage for Medical, Dental, and Vision insurance.
  • Accidental Death & Dismemberment (AD&D), Long-Term & Short-Term Disability, and Life Insurance (Standard & Supplemental options available).
  • Empower 401K Plan.
  • Additional perks for

✨ This description was enhanced by AI based on the original listing.