Location: Remote in Latam
Contract Type: Contractor
About Us
WebRTC.ventures is one of the few software development agencies in the world dedicated exclusively to real-time applications. Originally founded as AgilityFeat in 2010 (and still legally operating under that name), we began specializing in WebRTC in 2015. We are headquartered in Charlottesville, VA, with a QA/testing center in Panama City, Panama, and a remote office in Bogotá, Colombia. With primary operations in North and South America, we serve clients around the globe. Our team has always been remote—something that fuels our passion for real-time communications.
The Role
As Lead Cloud Security Engineer, you’ll be responsible for securing cloud infrastructure, hardening systems, and guiding security best practices across the engineering lifecycle. The ideal candidate is comfortable owning the security posture of our environments, is able to play a proactive role in threat detection, response, and prevention across our client and internal projects, has DevOps experience, and is a team player within cross-functional teams. Experience securing VoIP, media servers, or WebRTC infrastructure is a plus.
Fluent English is a must! B2+ or above is required for this client-facing role.
Key Responsibilities
● Secure AWS environments using IAM, VPCs, org-wide policies, logging, and threat detection tools.
● Manage and secure network architecture including VPNs, DNS, firewalls, and load balancers.
● Harden Linux systems and cloud instances (e.g., configure SSH, implement fail2ban/auditd/Trivy/Prowler, automate patching).
● Lead hands-on incident response, including root cause analysis, forensic log review, and kill switch execution.
● Secure and enforce best practices in Terraform/IaC deployments.
● Run regular vulnerability scans.
● Design and deploy VPN and zero-trust access strategies for internal tools and distributed teams.
● Review and assist in securing backend applications built with Node.js, Java, and Python.
● Partner with development teams to guide secure architecture and code decisions.
● Deploy and maintain security tooling such as WAFs, IDS/IPS, endpoint protection, etc. Minimum Technical Qualifications
Must Have:
● 4+ years of experience in infrastructure security, or a similar senior-level security engineering role.
● Background in DevOps or DevSecOps with a focus on infrastructure hardening and network security
● Strong hands-on experience securing cloud infrastructure (AWS) and Linux systems.
● Knowledge of common web application security flaws (e.g., OWASP Top 10).
● Familiarity with SOC2 or similar security/compliance frameworks.
● Experience with Terraform, IaC scanning, and secure deployment pipelines.
● Proficiency in security operations, vulnerability management, and incident response.
● Ability to work with development teams to advise and implement secure design
practices.
● Excellent written and verbal English (B2 or higher).
Nice to Have:
● AWS, security, or Kubernetes certifications.
● Strong experience with CI/CD pipelines, GitHub Actions, and secrets management
● Experience implementing frameworks like HIPAA, SOC 2, or ISO 27001.
● Hands-on with tools like Wazuh, Suricata, CrowdStrike, or OSQuery.
● Experience securing VoIP, media servers, or WebRTC infrastructure (e.g., Asterisk, FreeSWITCH, Janus, Jitsi, LiveKit)
● Experience with AI agents (e.g., chatbots, voice agents, LLMs).
General Qualifications
● Fluent English (B2+), both written and spoken
● Proactive, professional, respectful, and courteous communication
● An entrepreneurial mindset with the initiative and resourcefulness to quickly identify problems, overcome challenges, and provide timely solutions
● Experience working in agile teams using Scrum or Kanban methodologies
● Ability to work remotely with headset/camera equipment, responsive during working hours, a quiet place to work and reliable internet connection
All information must be submitted in English.