Senior Product Security Engineer

Nexthink is the leader in digital employee experience management software. The company provides IT leaders with unprecedented insight allowing them to see, diagnose and fix issues at scale impacting employees anywhere, with any application or network, before employees notice the issue. As the first solution to allow IT to progress from reactive problem solving to proactive optimization, Nexthink enables its more than 1,200 customers to provide better digital experiences to more than 15 million employees. Dual headquartered in Lausanne, Switzerland and Boston, Massachusetts, Nexthink has 9 offices worldwide.

As a scale-up experiencing rapid growth, we are looking for a highly experienced and drivenSenior Product Security Engineer to join our Security team. This role is critical to the security, resilience, and operational excellence of ourFedRAMP cloud environment and broader SaaS platform.

We are seeking a senior security engineer who can take ownership of complex cloud security challenges, drive technical decisions, and help shape the future of our cloud security program. You will play a key role in designing, operating, hardening, and continuously improving a secure AWS-based environment, with a strong focus onFedRAMP requirements, automation, incident response, and scalable security architecture.

This is an opportunity for someone who thrives in high-impact environments, enjoys tackling difficult technical problems, and wants to help build secure, resilient systems at scale.

What you’ll do

• Serve as a core member of the Cloud Security team with significant influence on the direction, priorities, and execution of the cloud security program.
• Own, operate, maintain, and improve our FedRAMP cloud environment, ensuring it meets high standards for security, availability, compliance, and operational excellence.
• Design, implement, and maintain asecure, scalable, and resilient AWS cloud infrastructure, covering both the cloud platform and the applications running on it.
• Build and improve security controls across cloud resources, includingnetworking, compute, storage, logging, monitoring, and IAM.
• Lead the hardening of AWS environments and Kubernetes-based platforms, applying security best practices and secure-by-default patterns.
• Drive the automation of security controls, operational processes, and compliance requirements to reduce manual effort and human error.
• Partner closely with SRE, platform, and engineering teams to ensure services are deployed and operated securely in highly regulated environments.
• Develop, maintain, and continuously improveincident response capabilities for cloud environments, including detection, containment, investigation, recovery, and post-incident analysis.
• Respond to security incidents, perform deep technical investigations, and drive remediation and long-term corrective actions.
• Proactively identify and mitigate security risks through threat-informed assessments, vulnerability management, and continuous cloud security reviews, including the use of tools such asCNAPP.
• Manage and improve security tooling and services such asSIEM, EDR, cloud-native security tooling, and monitoring platforms, while developing meaningful security and risk metrics.
• Contribute to the development and execution of our cloud security strategy, balancing business needs, engineering velocity, and regulatory obligations.
• Collaborate with engineering teams to understand system designs, guide secure architecture decisions, and help solve complex technical security problems.
• Contribute to cloud security education and training for engineering teams, helping raise the overall security maturity of the organization.
• Stay current on emerging cloud threats, AWS security capabilities, attacker techniques, and industry best practices, and translate that knowledge into practical improvements.

What you’ll need

• 7+ years of hands-on experience designing, building, securing, and operating cloud infrastructure onAWS, including deep practical knowledge of AWS security services, architecture patterns, and operational best practices.
• Proven experience working inhigh-security and regulated cloud environments, with strong familiarity withFedRAMP andSOC 2 requirements.
• Strong hands-on expertise withKubernetes, container security, and modern infrastructure platforms.
• Strong experience withinfrastructure as code and automation tooling such asTerraform/OpenTofu, Terragrunt, Ansible, Crossplane, Jenkins, and GitHub Actions.
• Demonstrated ability to design and implement scalable security automation andDevSecOps practices.
• Strong experience inincident response, security monitoring, investigation, and remediation in cloud-native environments.
• Deep understanding ofIAM, least privilege, identity architecture, and access control best practices in AWS.
• Strong knowledge ofnetwork security, including segmentation, firewalls, VPNs, intrusion detection, and secure connectivity patterns in cloud environments.
• Experience managing and tuning security tools and platforms, includingSIEM, EDR, vulnerability management, and cloud security posture tools.
• Excellent troubleshooting, analytical, and problem-solving skills, with the ability to work throughcomplex technical and operational challenges.
• Ability to operate with a high degree of ownership, make sound technical decisions, and drive initiatives from design through implementation and continuous improvement.
• Strong communication and collaboration skills, with the ability to clearly explain technical security concepts to both technical and non-technical stakeholders.
• A proactive, hands-on mindset and a strong commitment to building secure, resilient, and maintainable systems.
• Fluent in English, written and spoken.

What will make you stand out

• Experience securing and operatingFedRAMP-authorized or similarly regulated SaaS environments.
• Experience with additional cloud platforms such asAzure.
• Proficiency inPython orGolang; JavaScript/TypeScript is a plus.
• Knowledge of security standards and frameworks such asCIS Benchmarks, NIST, and ISO 27001.
• Experience influencing security architecture across multiple engineering teams and driving adoption of security best practices at scale.

Who you are

• You are asenior-level engineer who enjoys taking on difficult technical problems and solving them pragmatically.
• You are comfortable owning critical security infrastructure and making decisions in complex, fast-moving environments.
• You combine strong technical depth with sound judgment and a practical approach to risk reduction.
• You advocate for high security standards while enabling engineering teams to move effectively.
• You are curious, adaptable, and motivated by continuous improvement.

We are the pioneers and trailblazers of a global IT Market Category (DEX) that is shaping the future of how the world works, giving our customers’ IT Teams total digital visibility across their enterprise. Our innovative solutions integrate real-time analytics, automation, and employee feedback across all endpoints. This enables our IT teams to solve complex technical challenges, create ever more productive workplaces, and deliver happy, satisfied employees in the digital workplace.

Total Rewards @ Nexthink

At Nexthink, we offer one of the most comprehensive and generous benefits plans.  Your total rewards compensation package includes base salary and may also include a commission or performance bonus plan.  We provide our US employees with100% covered company benefits that consist of health, dental, vision as well as access to life insurance, long-term disability, and accidental death/personal loss coverage. 

In addition, we offer: 

• 🏖️ Flexible Hours and unlimited vacation (employees have unlimited paid time off on top of the 15 days of holidays we offer), 11 company-paid holidays, and 3 extra days for volunteering.
• 🏡 Hybrid work model that balances office and remote work, with structured onboarding to foster connections and team integration.
• 📚 Free access to professional training platforms to explore your interests and enhance your skills.
• 🍼 Up to 16 weeks of paid leave for birthing parents/primary caregivers, 6 weeks for secondary caregivers.
• 💰 Plan for the future with a 401(k) plan featuring up to 4% company matching contributions, vesting immediately, to grow your retirement savings.
• 📣 Bonuses for referring successful hires after three months of continuous employment.

Base salary ranges are determined by country, role, level, experience, and skills. The range displayed on each job posting reflects Nexthink’s good faith determination of the minimum and maximum targets for new hire salaries across all US locations. Individual pay is determined by related factors, including job skills, experience, and relevant education or training, which may impact a final offer. Your Talent Acquisition Partner can share more about the specific salary range during the hiring process.