Senior Product Security Engineer

Company Description:

Nexthink is the leader in digital employee experience management software. The company provides IT leaders with unprecedented insight allowing them to see, diagnose and fix issues at scale impacting employees anywhere, with any application or network, before employees notice the issue. As the first solution to allow IT to progress from reactive problem solving to proactive optimization, Nexthink enables its more than 1,200 customers to provide better digital experiences to more than 15 million employees. Dual headquartered in Lausanne, Switzerland and Boston, Massachusetts, Nexthink has 9 offices worldwide.

Job Description:

As a scale-up experiencing rapid growth, we are looking for a highly experienced and driven Senior Product Security Engineer to join our Security team. This role is critical to the security, resilience, and operational excellence of our FedRAMP cloud environment and broader SaaS platform.

We are seeking a senior security engineer who can take ownership of complex cloud security challenges, drive technical decisions, and help shape the future of our cloud security program. You will play a key role in designing, operating, hardening, and continuously improving a secure AWS-based environment, with a strong focus on FedRAMP requirements, automation, incident response, and scalable security architecture.

This is an opportunity for someone who thrives in high-impact environments, enjoys tackling difficult technical problems, and wants to help build secure, resilient systems at scale.

What you’ll do

• Serve as a core member of the Cloud Security team with significant influence on the direction, priorities, and execution of the cloud security program.
• Own, operate, maintain, and improve our FedRAMP cloud environment, ensuring it meets high standards for security, availability, compliance, and operational excellence.
• Design, implement, and maintain a secure, scalable, and resilient AWS cloud infrastructure, covering both the cloud platform and the applications running on it.
• Build and improve security controls across cloud resources, including networking, compute, storage, logging, monitoring, and IAM.
• Lead the hardening of AWS environments and Kubernetes-based platforms, applying security best practices and secure-by-default patterns.
• Drive the automation of security controls, operational processes, and compliance requirements to reduce manual effort and human error.
• Partner closely with SRE, platform, and engineering teams to ensure services are deployed and operated securely in highly regulated environments.
• Develop, maintain, and continuously improve incident response capabilities for cloud environments, including detection, containment, investigation, recovery, and post-incident analysis.
• Respond to security incidents, perform deep technical investigations, and drive remediation and long-term corrective actions.
• Proactively identify and mitigate security risks through threat-informed assessments, vulnerability management, and continuous cloud security reviews, including the use of tools such as CNAPP.
• Manage and improve security tooling and services such as SIEM, EDR, cloud-native security tooling, and monitoring platforms, while developing meaningful security and risk metrics.
• Contribute to the development and execution of our cloud security strategy, balancing business needs, engineering velocity, and regulatory obligations.
• Collaborate with engineering teams to understand system designs, guide secure architecture decisions, and help solve complex technical security problems.
• Contribute to cloud security education and training for engineering teams, helping raise the overall security maturity of the organization.
• Stay current on emerging cloud threats, AWS security capabilities, attacker techniques, and industry best practices, and translate that knowledge into practical improvements.

What you’ll need

• 7+ years of hands-on experience designing, building, securing, and operating cloud infrastructure on AWS, including deep practical knowledge of AWS security services, architecture patterns, and operational best practices.
• Proven experience working in high-security and regulated cloud environments, with strong familiarity with FedRAMP and SOC 2 requirements.
• Strong hands-on expertise with Kubernetes, container security, and modern infrastructure platforms.
• Strong experience with infrastructure as code and automation tooling such as Terraform/OpenTofu, Terragrunt, Ansible, Crossplane, Jenkins, and GitHub Actions.
• Demonstrated ability to design and implement scalable security automation and DevSecOps practices.
• Strong experience in incident response, security monitoring, investigation, and remediation in cloud-native environments.
• Deep understanding of IAM, least privilege, identity architecture, and access control best practices in AWS.
• Strong knowledge of network security, including segmentation, firewalls, VPNs, intrusion detection, and secure connectivity patterns in cloud environments.
• Experience managing and tuning security tools and platforms, including SIEM, EDR, vulnerability management, and cloud security posture tools.
• Excellent troubleshooting, analytical, and problem-solving skills, with the ability to work through complex technical and operational challenges.
• Ability to operate with a high degree of ownership, make sound technical decisions, and drive initiatives from design through implementation and continuous improvement.
• Strong communication and collaboration skills, with the ability to clearly explain technical security concepts to both technical and non-technical stakeholders.
• A proactive, hands-on mindset and a strong commitment to building secure, resilient, and maintainable systems.
• Fluent in English, written and spoken.

What will make you stand out

• Experience securing and operating FedRAMP-authorized or similarly regulated SaaS environments.
• Experience with additional cloud platforms such as Azure.
• Proficiency in Python or Golang