Senior Product Security Engineer

Base Salary Range: 118000 - 184000
Company Description
Nexthink is the leader in digital employee experience management software. The company provides IT leaders with unprecedented insight allowing them to see, diagnose and fix issues at scale impacting employees anywhere, with any application or network, before employees notice the issue. As the first solution to allow IT to progress from reactive problem solving to proactive optimization, Nexthink enables its more than 1,200 customers to provide better digital experiences to more than 15 million employees. Dual headquartered in Lausanne, Switzerland and Boston, Massachusetts, Nexthink has 9 offices worldwide.
Job Description
As a scale-up experiencing rapid growth, we are looking for a highly experienced and driven Senior Product Security Engineer to join our Security team. This role is critical to the security, resilience, and operational excellence of our FedRAMP cloud environment and broader SaaS platform.
We are seeking a senior security engineer who can take ownership of complex cloud security challenges, drive technical decisions, and help shape the future of our cloud security program. You will play a key role in designing, operating, hardening, and continuously improving a secure AWS-based environment, with a strong focus on FedRAMP requirements, automation, incident response, and scalable security architecture.
This is an opportunity for someone who thrives in high-impact environments, enjoys tackling difficult technical problems, and wants to help build secure, resilient systems at scale.
What you'll do

• Serve as a core member of the Cloud Security team with significant influence on the direction, priorities, and execution of the cloud security program.
• Own, operate, maintain, and improve our FedRAMP cloud environment, ensuring it meets high standards for security, availability, compliance, and operational excellence.
• Design, implement, and maintain a secure, scalable, and resilient AWS cloud infrastructure, covering both the cloud platform and the applications running on it.
• Build and improve security controls across cloud resources, including networking, compute, storage, logging, monitoring, and IAM.
• Lead the hardening of AWS environments and Kubernetes-based platforms, applying security best practices and secure-by-default patterns.
• Drive the automation of security controls, operational processes, and compliance requirements to reduce manual effort and human error.
• Partner closely with SRE, platform, and engineering teams to ensure services are deployed and operated securely in highly regulated environments.
• Develop, maintain, and continuously improve incident response capabilities for cloud environments, including detection, containment, investigation, recovery, and post-incident analysis.
• Respond to security incidents, perform deep technical investigations, and drive remediation and long-term corrective actions.
• Proactively identify and mitigate security risks through threat-informed assessments, vulnerability management, and continuous cloud security reviews, including the use of tools such as CNAPP.
• Manage and improve security tooling and services such as SIEM, EDR, cloud-native security tooling, and monitoring platforms, while developing meaningful security and risk metrics.
• Contribute to the development and execution of our cloud security strategy, balancing business needs, engineering velocity, and regulatory obligations.
• Collaborate with engineering teams to understand system designs, guide secure architecture decisions, and help solve complex technical security problems.
• Contribute to cloud security education and training for engineering teams, helping raise the overall security maturity of the organization.
• Stay current on emerging cloud threats, AWS security capabilities, attacker techniques, and industry best practices, and translate that knowledge into practical improvements.

Qualifications
What you'll need

• 7+ years of hands-on experience designing, building, securing, and operating cloud infrastructure on AWS, including deep practical knowledge of AWS security services, architecture patterns, and operational best practices.
• Proven experience working in high-security and regulated cloud environments, with strong familiarity with FedRAMP and SOC 2 requirements.
• Strong hands-on expertise with Kubernetes, container security, and modern infrastructure platforms.
• Strong experience with infrastructure as code and automation tooling such as Terraform/OpenTofu, Terragrunt, Ansible, Crossplane, Jenkins, and GitHub Actions.
• Demonstrated ability to design and implement scalable security automation and DevSecOps practices.
• Strong experience in incident response, security monitoring, investigation, and remediation in cloud-native environments.
• Deep understanding of IAM, least privilege, identity architecture, and access control best practices in AWS.
• Strong knowledge of network security, including segmentation, firewalls, VPNs, intrusion detection, and secure connectivity patterns in cloud environments.
• Experience managing and tuning security tools and platforms, including SIEM, EDR, vulnerability management, and cloud security posture tools.
• Excellent troubleshooting, analytical, and problem-solving skills, with the ability to work through complex technical and operational challenges.
• Ability to operate with a high degree of ownership, make sound technical decisions, and drive initiatives from design through implementation and continuous improvement.
• Strong communication and collaboration skills, with the ability to clearly explain technical security concepts to both technical and non-technical stakeholders.
• A proactive, hands-on mindset and a strong commitment to building secure, resilient, and maintainable systems.
• Fluent in English, written and spoken.

What will make you stand out

• Experience securing and operating FedRAMP-authorized or similarly regulated SaaS environments.
• Experience with additional cloud platforms such as Azure.
• Proficiency in Python or Golang; JavaScript/TypeScript is a plus.
• Knowledge of security standards and frameworks such as CIS Benchmarks, NIST, and ISO 27001.
• Experience influencing security architecture across multiple engineering teams and driving adoption of security best practices at scale.

Who you are

• You are a senior-level engineer who enjoys taking on difficult technical problems and solving them pragmatically.
• You are comfortable owning critical security infrastructure and making decisions in complex, fast-moving environments.
• You combine strong technical depth with sound judgment and a practical approach to risk reduction.
• You advocate for high security standards while enabling engineering teams to move effectively.
• You are curious, adaptable, and motivated by continuous improvement.

Additional Information
We are the pioneers and trailblazers of a global IT Market Category (DEX) that is shaping the future of how the world works, giving our customers' IT Teams total digital visibility across their enterprise. Our innovative solutions integrate real-time analytics, automation, and employee feedback across all endpoints. This enables our IT teams to solve complex technical challenges, create ever more productive workplaces, and deliver happy, satisfied employees in the digital workplace.
Total Rewards @ Nexthink
At Nexthink, we offer one of the most comprehensive and generous benefits plans. Your total rewards compensation package includes base salary and may also include a commission or performance bonus plan. We provide our US employees with 100% covered company benefits that consist of health, dental, vision as well as access to life insurance, long-term disability, and accidental death/personal loss coverage.
In addition, we offer:

• Flexible Hours and unlimited vacation (employees have unlimited paid time off on top of the 15 days of holidays we offer), 11 company-paid holidays, and 3 extra days for volunteering.
• Hybrid work model that balances office and remote work, with structured onboarding to foster connections and team integration.
• Free access to professional training platforms to explore your interests and enhance your skills.
• Up to 16 weeks of paid leave for birthing parents/primary caregivers, 6 weeks for secondary caregivers.
• Plan for the future with a 401(k) plan featuring up to 4% company matching contributions, vesting immediately, to grow your retirement savings.
• Bonuses for referring successful hires after three months of continuous employment.

Base salary ranges are determined by country, role, level, experience, and skills. The range displayed on each job posting reflects Nexthink's good faith determination of the minimum and maximum targets for new hire salaries across all US locations. Individual pay is determined by related factors, including job skills, experience, and relevant education or training, which may impact a final offer. Your Talent Acquisition Partner can share more about the specific salary range during the hiring process.