Cloud Security Engineer III

Sheetz, Inc•Pittsburgh, PA

1d•$95,351 - $158,922

About The Position

This role is focused on helping teams build and operate in the cloud safely, consistently, and at scale. As a Cloud Security Engineer II, you’ll design secure cloud foundations, strengthen identity and access controls, and implement guardrails that allow engineering teams to move fast without introducing unnecessary risk. You’ll partner closely with cloud, infrastructure, and application teams to ensure security is built in, not bolted on. You’ll work hands-on with modern, cloud-native technologies across AWS, Azure, and GCP Your work will directly influence how the entire organization designs and secures cloud environments Automation is core to the role, you’ll reduce manual effort by building repeatable, scalable security controls The cloud evolves rapidly, with new services, features, and risks emerging constantly Identity and access decisions are critical, small misconfigurations can have large impacts Success requires systems-level thinking, securing platforms and patterns rather than individual accounts or applications Sheetz’s future is increasingly cloud-driven. The decisions you make in this role will help define the company’s cloud security posture for years to come, enabling innovation while protecting the business, our customers, and our brand.

Requirements

Bachelor’s degree in Computer Science, Engineering or related field required.
Minimum 5 years of hands-on experience in cloud cybersecurity roles, with at least 3 years in Cloud Security Engineering required
Previous exposure utilizing cloud provider native security solutions in at least one of AWS, GCP, or Azure required
Maintain a continuous personal professional development program; this level requires CISSP certification and commitment to pursue additional training or certifications in risk, security, governance, compliance (e.g., CISSP-ISSEP, CISSP-ISSAP, CISSP-ISSMP, GICSP, GMOB, GCIH, CRCMP, CISA, CGEIT, CRISC, CRMA, CORP, advanced degree)
General Office Equipment

Nice To Haves

Previous exposure to IP, TCP/IP, and other network administration protocols preferred
Previous exposure to Windows and Linux systems preferred

Responsibilities

Design and architect scalable, resilient cloud security solutions that align with organizational risk tolerance, regulatory requirements, and industry best practices.
Serve as the subject matter expert (SME) for cloud security across AWS, Azure, and GCP, providing guidance on identity and access management, network security, data protection, logging, and monitoring.
Lead cloud-based security incident response efforts, including detection, investigation, containment, remediation, and post-incident analysis.
Integrate security controls into CI/CD pipelines by implementing secure build, test, and deployment practices, including automated security testing and policy enforcement.
Review Infrastructure-as-Code (IaC) templates and configurations to ensure secure design patterns, compliance with standards, and prevention of misconfigurations.
Evaluate, recommend, and deploy cloud security tools and services (e.g., CSPM, CWPP, CIEM, SIEM integrations) to enhance visibility, threat detection, and risk management.
Collaborate closely with platform engineering, DevOps, architecture, and compliance teams to embed security into cloud solutions without impeding delivery velocity.
Conduct cloud risk assessments and threat modeling for new and existing services, identifying vulnerabilities and recommending mitigation strategies.
Drive remediation of complex cloud security issues by prioritizing risk, coordinating cross-functional efforts, and validating corrective actions.
Develop, document, and maintain cloud security standards, policies, reference architectures, and best practices to ensure consistent and secure cloud adoption.
Maintain up-to-date, in-depth knowledge of the cloud security landscape, including emerging threats, attack techniques, regulatory changes, and evolving security technologies.
Participate in an on-call rotation to provide evening and weekend support as needed. As Sheetz operates 24/7/365, internal and external customers may require support at any time.