About PoshmarkPoshmark is a leading fashion resale marketplace powered by a vibrant, highly engaged community of buyers and sellers and real-time social experiences. Designed to make online selling fun, more social and easier than ever, Poshmark empowers its sellers to turn their closet into a thriving business and share their style with the world. Since its founding in 2011, Poshmark has grown its community to over 130 million users and generated over $10 billion in GMV, helping sellers realize billions in earnings, delighting buyers with deals and one-of-a-kind items, and building a more sustainable future for fashion. For more information, please visit www.poshmark.com, and for company news, visit newsroom.poshmark.com.Security team at Poshmark is responsible for securing our application platform, cloud infrastructure, and IT systems to protect Poshmark and its 60 million Community members. As a AWS and Infrastructure Security Engineer, you will collaborate with other security team members and other stakeholders to design and harden infrastructure, network and access implementing security best practices.Responsibilities:Design, implement and maintain secure AWS architecture aligned with industry standards, security best practices and CIS benchmarks.Harden corporate IT and SaaS applications (Okta, CrowdStrike, Jamf, etc.) through security best practices and layered defense.Develop and maintain cloud and infrastructure security reference architectures, and policies.Continuously assess and manage vulnerabilities across cloud, infrastructure, and endpoint systems.Conduct regular security gap analyses, security reviews, risk assessments, and drive remediation with system owners.Integrate infrastructure security into CI/CD pipelines and change management processes.Architect and enforce cloud and enterprise IAM controls with Okta and AWS IAM, focusing on least privilege, SSO, and federation.Strengthen endpoint and server protection through configuration management and continuous monitoring.Partner with Engineering, DevOps, SRE, IT, and Compliance teams to ensure security requirements are embedded throughout the infrastructure lifecycle.Help with incident response activities across AWS and corporate environments including detection, investigation, containment, eradication, and recovery.Mentor junior engineers and contribute to a culture of proactive, engineering-driven security.