Cloud Security Controls Engineering - VP

About The Position

Requirements

• 7+ years of hands-on experience in cloud security engineering, with a strong focus on infrastructure-as-code and deployment pipelines.
• Bachelor's degree in computer science, Information Security, or a related field, or equivalent experience.
• Proven experience designing and implementing policy-as-code controls using OPA (Rego) and/or Regular in production environments.
• Deep hands-on expertise with Terraform, including module design, state management, and secure configuration patterns.
• Strong experience integrating security controls into CI/CD pipelines, including gating and enforcement mechanisms.
• Demonstrated ability to translate security requirements into automated, testable, and enforceable controls at deploy-time.
• Solid understanding of cloud security architectures across AWS, Azure, and/or GCP, including IM, networking, and data protection controls.
• Experience implementing control validation and testing strategies, including policy unit testing, pipeline validation, and drift detection.
• Familiarity with CSPM platforms and the ability to align deploy-time controls with runtime detection and compliance models.
• Strong understanding of modern threat models, attack paths, and misconfigurations risks in cloud environments, and how to mitigate them through preventive controls.
• Experience building and maintaining reusable policy libraries and shared control frameworks at enterprise scale.
• Proven experience leading a team of engineers, including task prioritization, delivery oversight, and technical direction setting
• Demonstrated ability to mentor and develop engineers, particularly in policy-as-code, Terraform, and secure pipeline practices.
• Experience establishing code quality standards, review processes, and engineering best practices for IaC and policy development.
• Strong stakeholder management skills, with the ability to partner effectively with platform engineering, security architecture, and application teams.
• Ability to communicate complex technical concepts clearly to both engineering audiences and senior leadership.

Responsibilities

• Lead the design and implementation of deploy-time security controls for cloud services across Azure, AWS, and GCP, using OPA (Rego) and Regula
• Translate firm-wide configuration baseline requirements into enforceable policy-as-code controls integrated directly into Terraform workflows and CI/CD pipelines
• Own end-to-end control implementation lifecycle: requirement interpretation, policy authoring, testing, optimization, and deployment within engineering pipelines.
• Establish and maintain reusable policy libraries and modules to ensure consistency and scalability of controls across services and environments.
• Provide deep technical expertise in Terraform, infrastructure-as-code- patterns, and pipeline orchestration, ensuring secure and efficient deployments.
• Define and implement testing strategies for policy validation, including unit and integration testing.
• Identify gaps where requirements cannot be enforced at deploy-time and propose compensating controls or alternative enforcement points.
• Contribute to the evolution of a unified control framework, enabling consistent control logic across deploy-time and runtime evaluation points
• Contribute to cloud security strategy and standards.
• Lead and develop a team of engineers responsible for deploy-time control implementation, setting technical direction and ensuring high-quality delivery
• Provide hands-on mentorship and coaching in OPA/Rego, Regula, Terraform, and secure pipeline design.
• Manage performance, provide actionable feedback, and support career development for team members
• Foster a high-accountability, low-friction operating model, reducing handoffs and accelerating baseline delivery.

Benefits

• offering some of the most attractive and comprehensive employee benefits and perks in the industry.