Back to jobs
New

Staff Cloud Security Engineer

North Bethesda, MD

Xometry (NASDAQ: XMTR) powers the industries of today and tomorrow by connecting the people with big ideas to the manufacturers who can bring them to life. Xometry’s digital marketplace gives manufacturers the critical resources they need to grow their business while also making it easy for buyers at Fortune 1000 companies to tap into global manufacturing capacity.

Xometry is looking for a Staff Cloud Security Engineer to own our cloud security posture and runtime detection capabilities. This is a high-impact, individual contributor role focused on ensuring our live cloud environments and containerized workloads are hardened, continuously monitored, and generating the right signals for our security operations function.  This role is about detection architecture, posture management, and runtime visibility.

You will be the primary owner of our CrowdStrike platform, working closely with our MDR providers to ensure alert fidelity, tuning, and appropriate escalation. You will also evaluate and potentially implement a cloud SIEM.

This isn’t a role where you watch dashboards and write tickets. You’ll be the person who defines how we detect threats, decides how we respond to them, and has the autonomy to fix what you find.  If you’re tired of maintaining legacy tooling, navigating slow change management processes, or writing findings that disappear into a backlog, this is the opposite of that. We’re a SaaS-first company running a modern, cloud-native stack. We ship fixes, not tickets.

What You'll Contribute

  • Own CrowdStrike Falcon configuration, ensuring policies are appropriately scoped, tuned, and generating actionable alerts.
  • Partner with MDR to define alert routing, triage thresholds, and escalation logic, ensuring the right signals reach the right team.
  • Monitor cloud environments (primarily AWS) for security posture drift: misconfigured IAM roles, overly permissive security groups, exposed storage, and non-compliant resource configurations.
  • Secure Kubernetes clusters and containerized workloads: manage Network Policies, RBAC, Admission Controllers, and runtime detection for anomalous container behavior.
  • Develop and enforce cloud security policies and standards for AWS infrastructure, ensuring secure and scalable deployments align with organizational risk posture.
  • Evaluate and lead the implementation of additional detection tooling, including cloud SIEM platforms, designing detection rules and alerting pipelines.
  • Manage infrastructure as code (IaC) security using Terraform or OpenTofu — ensuring IaC definitions meet security standards before deployment.
  • Automate security posture checks and detection workflows using Python and shell scripting.
  • Stay current with the evolving cloud threat landscape and translate emerging threats into detection coverage or posture improvements.

What You Bring

  • Minimum 8 years of experience in cloud security, security engineering, or a related infrastructure security discipline.
  • Hands-on experience with a cloud security posture management (CSPM) platform — CrowdStrike, Wiz, Prisma Cloud, Orca, or equivalent. Prior CrowdStrike experience is a plus but not required.
  • Deep familiarity with AWS security architecture: IAM/SCP policy design, VPC networking, security groups, CloudTrail, and cloud-native security controls. GCP or Azure experience considered in lieu of AWS for strong candidates willing to expand into AWS.
  • Proficiency with infrastructure as code (IaC) tools such as Terraform, OpenTofu, or CloudFormation, with an understanding of how to enforce security standards within IaC workflows.
  • Strong Python and shell scripting skills for security automation, detection rule development, and tooling integration.
  • Must be a US Citizen or legal permanent resident (Xometry handles ITAR-controlled data).

Preferred 

  • AWS GovCloud experience.
  • Hands-on Kubernetes security experience: securing and managing production clusters, including Network Policies, RBAC, and Admission Controllers.
  • Experience with cloud-native SIEM solutions, including writing detection rules in Python or SQL.
  • Experience securing microservices architectures, including service mesh security (Istio or Linkerd).
  • Bachelor’s degree in Computer Science, Information Security, or a related field

The estimated base salary range for new hires into this role is $180,000- $200,000 annually + bonus depending on factors such as job-related skills, relevant experience, and location. We also offer a competitive benefits package, including 401(k) match, medical, dental and vision insurance; life and disability insurance; generous paid time off including vacation, sick leave, floating and fixed holidays, maternity and bonding leave; EAP, other wellbeing resources; and much more.

#LI-Hybrid

Xometry is an equal opportunity employer. All applicants will be considered for employment without attention to race, color, religion, sex, sexual orientation, gender identity, national origin, veteran, or disability status.

For US based roles: Xometry participates in E-Verify and after a job offer is accepted, will provide the federal government with your Form I-9 information to confirm that you are authorized to work in the U.S.

Create a Job Alert

Interested in building your career at Xometry? Get future opportunities sent straight to your email.

Apply for this job

*

indicates a required field

Phone
Resume/CV*

Accepted file types: pdf, doc, docx, txt, rtf

Cover Letter

Accepted file types: pdf, doc, docx, txt, rtf


Select...
Select...
Select...
Select...
Select...

Voluntary Self-Identification

For government reporting purposes, we ask candidates to respond to the below self-identification survey. Completion of the form is entirely voluntary. Whatever your decision, it will not be considered in the hiring process or thereafter. Any information that you do provide will be recorded and maintained in a confidential file.

As set forth in Xometry’s Equal Employment Opportunity policy, we do not discriminate on the basis of any protected group status under any applicable law.

Select...
Select...
Race & Ethnicity Definitions

If you believe you belong to any of the categories of protected veterans listed below, please indicate by making the appropriate selection. As a government contractor subject to the Vietnam Era Veterans Readjustment Assistance Act (VEVRAA), we request this information in order to measure the effectiveness of the outreach and positive recruitment efforts we undertake pursuant to VEVRAA. Classification of protected categories is as follows:

A "disabled veteran" is one of the following: a veteran of the U.S. military, ground, naval or air service who is entitled to compensation (or who but for the receipt of military retired pay would be entitled to compensation) under laws administered by the Secretary of Veterans Affairs; or a person who was discharged or released from active duty because of a service-connected disability.

A "recently separated veteran" means any veteran during the three-year period beginning on the date of such veteran's discharge or release from active duty in the U.S. military, ground, naval, or air service.

An "active duty wartime or campaign badge veteran" means a veteran who served on active duty in the U.S. military, ground, naval or air service during a war, or in a campaign or expedition for which a campaign badge has been authorized under the laws administered by the Department of Defense.

An "Armed forces service medal veteran" means a veteran who, while serving on active duty in the U.S. military, ground, naval or air service, participated in a United States military operation for which an Armed Forces service medal was awarded pursuant to Executive Order 12985.

Select...

Voluntary Self-Identification of Disability

Form CC-305
Page 1 of 1
OMB Control Number 1250-0005
Expires 04/30/2026

Why are you being asked to complete this form?

We are a federal contractor or subcontractor. The law requires us to provide equal employment opportunity to qualified people with disabilities. We have a goal of having at least 7% of our workers as people with disabilities. The law says we must measure our progress towards this goal. To do this, we must ask applicants and employees if they have a disability or have ever had one. People can become disabled, so we need to ask this question at least every five years.

Completing this form is voluntary, and we hope that you will choose to do so. Your answer is confidential. No one who makes hiring decisions will see it. Your decision to complete the form and your answer will not harm you in any way. If you want to learn more about the law or this form, visit the U.S. Department of Labor’s Office of Federal Contract Compliance Programs (OFCCP) website at www.dol.gov/ofccp.

How do you know if you have a disability?

A disability is a condition that substantially limits one or more of your “major life activities.” If you have or have ever had such a condition, you are a person with a disability. Disabilities include, but are not limited to:

  • Alcohol or other substance use disorder (not currently using drugs illegally)
  • Autoimmune disorder, for example, lupus, fibromyalgia, rheumatoid arthritis, HIV/AIDS
  • Blind or low vision
  • Cancer (past or present)
  • Cardiovascular or heart disease
  • Celiac disease
  • Cerebral palsy
  • Deaf or serious difficulty hearing
  • Diabetes
  • Disfigurement, for example, disfigurement caused by burns, wounds, accidents, or congenital disorders
  • Epilepsy or other seizure disorder
  • Gastrointestinal disorders, for example, Crohn's Disease, irritable bowel syndrome
  • Intellectual or developmental disability
  • Mental health conditions, for example, depression, bipolar disorder, anxiety disorder, schizophrenia, PTSD
  • Missing limbs or partially missing limbs
  • Mobility impairment, benefiting from the use of a wheelchair, scooter, walker, leg brace(s) and/or other supports
  • Nervous system condition, for example, migraine headaches, Parkinson’s disease, multiple sclerosis (MS)
  • Neurodivergence, for example, attention-deficit/hyperactivity disorder (ADHD), autism spectrum disorder, dyslexia, dyspraxia, other learning disabilities
  • Partial or complete paralysis (any cause)
  • Pulmonary or respiratory conditions, for example, tuberculosis, asthma, emphysema
  • Short stature (dwarfism)
  • Traumatic brain injury
Select...

PUBLIC BURDEN STATEMENT: According to the Paperwork Reduction Act of 1995 no persons are required to respond to a collection of information unless such collection displays a valid OMB control number. This survey should take about 5 minutes to complete.