Application and Cloud Security Engineer

Real is a fast-growing national real estate brokerage powered by technology. Real is currently operating in all U.S. states, Canada, India, and the District of Columbia. Founded in 2014, Real is a trailblazer in the Residential Real Estate industry, as we lead the disruption with our cutting-edge technology platform. We are on a mission to revolutionize the home-buying and selling process, making agents' lives better while creating lucrative financial opportunities for them.

For more information, visit https://www.onereal.com/

Location: US based remote position, candidates outside of the US will not be considered.

Job Summary:

We are seeking an Application and Cloud Security Engineer to join our IT team at Real. The ideal candidate will lead the integration of security best practices into our software development and infrastructure operations. In this role, you will work closely with engineering teams to embed security into CI/CD pipelines, harden Kubernetes clusters, and safeguard our applications, cloud services, and containerized environments. You will proactively identify and mitigate security risks, ensuring the resilience and integrity of our critical systems while enabling secure, scalable growth.

Duties/Responsibilities:

Application Security

• Integrate AppSec throughout the SDLC: secure design, threat modeling, code reviews.

• Automate SAST/DAST/IAST tools in pipelines and triage vulnerabilities.

• Support bug bounty, security releases, and secure architecture reviews.

Cloud Security

• Design and implement cloud security controls in AWS/GCP.

• Build IAM policies, encryption strategies, logging, and network segmentation.

• Perform cloud vulnerability assessments and pen tests, integrating IaC validation.

Kubernetes Security

• Harden Kubernetes clusters: nodes, control plane, network policies, and CNI.

• Audit K8s deployments vs. benchmarks (e.g., CIS).

• Implement RBAC, pod policies, security contexts, and mesh security (mTLS).

• Integrate security tools like Trivy, Falco, kube-bench, and manage supply-chain risks using admission/webhooks.

Security Engineering & Automation

• Develop internal security tooling and scripts.

• Assist with incident response involving apps, clouds, or K8s environments.

• Enhance metrics and tooling for vulnerability tracking and security posture.
  

Required Skills/Abilities:

• Secure coding and threat modeling using OWASP/NIST/CSA frameworks.

• Scripting languages like Python, Go, or Bash.

• Kubernetes ecosystem: Helm, Terraform, Prometheus, service mesh tools.

• Vulnerability scanners: Trivy, kube-bench, Falco.

• Cloud-native monitoring and CSPM/CNAPP familiarity.

• Strong communicator who mentors dev and infra teams.

• Analytical with a security-first mindset, focus on detection, prevention, and response.

• Able to distill complex security issues for technical and executive audiences.

Education and Experience:

• Bachelor’s in CS, Engineering, or equivalent.

• 3+ years in AppSec, CloudSec, or K8s security.

• Hands-on with SAST/DAST, CI/CD tools, and cloud-native security.

• Proficiency with Kubernetes security best practices (pods, policies, RBAC).

• Familiar with cloud platforms: AWS, Azure, or GCP, especially securing container workloads.

Must Have:

• Ability to truly encompass our Company Core Values

  • Work Hard, Be Kind

  • Tech x Humanity

  • “We” are bigger than “me”

Real is proud to be an equal opportunity workplace employer. We are committed to equal employment opportunities regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity or Veteran status.