ByteDance
Cybersecurity Engineer - Cloud Security
- Permanent
- Riyadh, Saudi Arabia
- Experience 0 - 2 yrs
Job expiry date: 15/04/2026
Job overview
Date posted
02/03/2026
Location
Riyadh, Saudi Arabia
Salary
Undisclosed
Compensation
Job description
The Cybersecurity Engineer - Cloud Security will join the Security team in Riyadh responsible for owning security for all services offered by Volcano Engine & BytePlus, a cloud service provider owned by ByteDance, including IaaS, PaaS and SaaS. The role focuses on designing and implementing robust cloud security architecture across physical hardware, operating system, cloud-native application, data security and privacy protection, insider threats and generative AI. The engineer will develop and enforce cloud security policies, standards, and procedures aligned with industry regulations and best practices, and conduct security risk assessments, security training, and vulnerability assessments to proactively identify and address security gaps. The position requires collaboration with cross-functional teams to integrate security controls into cloud products and underlying infrastructure, and staying abreast of emerging cloud security trends, technologies, and threats to provide guidance on security strategies and solutions. Candidates must be familiar with principles of common risks, attack and defense strategies, and systematically lead security architecture and risk governance. Required technical exposure includes cloud-native and infrastructure technologies such as network access, LLM, big data, storage, cloud computing, microservices, zero trust, container security technologies including Docker and Kubernetes, and serverless security best practices. Proficiency in at least one programming language among Golang, Python, Java, or NodeJS is required to perform code auditing/reviews and development. Knowledge of security frameworks and standards such as CIS Benchmarks, GDPR, and HIPAA is expected. Preferred qualifications include experience discovering major impactful vulnerabilities domestically or internationally, winning large-scale security competitions, leading or participating in large-scale governance, architecture, and design projects, strong understanding of cloud computing platforms such as AWS, Azure, and Google Cloud, and holding certifications including CISSP, CISM, OSCP, and GIAC Certifications.
Required skills
Key responsibilities
- Design and implement comprehensive cloud security architecture across IaaS, PaaS, and SaaS environments, covering physical hardware, operating system hardening, cloud-native application protection, data security and privacy protection controls, insider threats mitigation mechanisms, and security considerations for generative AI and LLM-based services, ensuring resilience and compliance with established security standards.
- Develop, document, and enforce cloud security policies, standards, and procedures aligned with CIS Benchmarks, GDPR, HIPAA, and industry best practices, embedding zero trust principles into network access, microservices architectures, big data platforms, storage systems, and serverless security configurations across the organization.
- Conduct comprehensive security risk assessments, vulnerability assessments, and technical reviews of cloud computing environments, including Docker and Kubernetes container security configurations, serverless security best practices, and API exposure, identifying security gaps and implementing remediation strategies.
- Perform secure code auditing and reviews using Golang, Python, Java, or NodeJS to evaluate application-layer risks, validate secure development practices, and ensure integration of security controls into cloud-native applications and underlying infrastructure components.
- Collaborate with cross-functional engineering, product, and infrastructure teams to integrate security controls into cloud products, ensuring secure-by-design implementation for network access, microservices, big data pipelines, storage services, and LLM-enabled generative AI capabilities.
- Lead and support systematic security architecture and risk governance initiatives, applying knowledge of attack and defense strategies to proactively strengthen detection, prevention, and response capabilities across the cloud ecosystem.
- Stay abreast of emerging cloud security trends, technologies, and threats across AWS, Azure, and Google Cloud platforms, providing expert guidance on evolving security strategies, participating in large-scale governance, architecture, and design projects, and contributing to continuous improvement of the overall security posture.
Experience & skills
- Demonstrate strong familiarity with the principles of common risks, attack and defense strategies, and the ability to systematically lead security architecture and risk governance initiatives across complex IaaS, PaaS, and SaaS cloud environments.
- Exhibit in-depth knowledge of cloud-native and infrastructure technologies including network access controls, LLM integrations, big data ecosystems, storage architectures, cloud computing models, microservices frameworks, and zero trust security principles.
- Possess hands-on experience with container security technologies such as Docker and Kubernetes, as well as implementing and reviewing serverless security best practices to secure distributed and scalable cloud-native workloads.
- Show proficiency in at least one programming language among Golang, Python, Java, or NodeJS, with practical capability in code auditing, secure code reviews, and development to identify vulnerabilities and enforce application security standards.
- Demonstrate knowledge of security frameworks and standards including CIS Benchmarks, GDPR, and HIPAA, with the ability to translate regulatory requirements into enforceable technical controls and documented cloud security policies and procedures.
- Provide evidence of experience in discovering major impactful vulnerabilities domestically or internationally or participating in large-scale security competitions, and contribute to large-scale governance, architecture, and design projects within cloud environments.
- Display strong understanding of major cloud computing platforms such as AWS, Azure, and Google Cloud, including their native security services and best practices, and preferably hold industry-recognized certifications such as CISSP, CISM, OSCP, or GIAC Certifications to validate technical and governance expertise.