Cloud Security Engineer, Sr

About The Position

Requirements

• 5–7+ years of experience in cloud security engineering or related roles.
• Deep practical knowledge of AWS and Azure security services.
• Proficiency with HashiCorp Terraform.
• Hands-on experience with Tenable, Qualys, Snyk, or similar vulnerability/scanning tools.
• Expertise in observability and incident management
• Strong understanding of: Identity and access management, Network security and zero trust principles, Encryption, key management, secrets management, Data privacy best practices
• Experience implementing security practices in GitOps environments.
• Strong communication and documentation abilities
• Collaborative mindset with a focus on partnering with engineering teams
• Ability to manage multiple priorities and drive security initiatives independently

Nice To Haves

• Certifications such as: AWS Security Specialty, Azure Security Engineer Associate, CISSP, CCSP, GIAC Cloud Security (GCSA/GCLD)
• Experience with: Policy-as-code frameworks (OPA/Rego, HashiCorp Sentinel)
• Experience with: Platform-as-a-Service and serverless services (AWS Lambda, DynamoDB, API Gateway, Azure Functions, etc.)
• Strong scripting skills (Python, Bash, PowerShell).

Responsibilities

• Design, implement, and maintain secure landing zones across AWS and Azure, using preventive guardrails to block deployment of security misconfigurations.
• Leverage cloud-native security services such as: AWS: IAM, KMS, Secrets Manager, Service Control Policies, Security Hub, GuardDuty, CloudTrail, Config, WAF, Inspector, etc. Azure: Azure AD, Defender for Cloud, Key Vault, Security Center, Sentinel, Policies, etc.
• Develop and enforce cloud security baselines, guardrails, and configuration standards.
• Support the creation and refinement of cloud control narratives that assert the security posture of our cloud landing zones.
• Implement deep observability to unify logs and metrics across multiple services to derive both real-time and historical insights.
• Develop, manage, and engage in code review of complex IAM policies that define cross-account access patterns, ensuring adherence to the Principle of Least Privilege.
• Implement Just-in-Time access workflows that avoid long-lived credentials.
• Support emerging use cases for cloud with bespoke IAM identity and policies that maintain security posture and data privacy.
• Utilize enterprise security tools such as Tenable, Qualys, and Snyk to identify, prioritize, and remediate vulnerabilities across cloud workloads.
• Track and report security posture improvements.
• Integrate automated scanning into CI/CD pipelines.
• Embed security early in the Secure Software Development Lifecycle (SSDLC).
• Partner with development teams to implement automated security testing.
• Integrate SAST, SCA, and IaC scanning tools into CI/CD pipelines.
• Write, review, and maintain Terraform configurations for cloud resource deployment.
• Implement automated security controls and monitoring via IaC.
• Build and maintain secure-by-default Terraform modules that enforce least privilege, encryption, and compliance requirements.
• Develop and fine-tune cloud security monitoring using native and third-party tools.
• Assist in cloud-focused incident management/response, log analysis, forensics, and root cause investigations.
• Develop detective, preventive, and proactive controls to identify, prevent, and remediate security misconfigurations and anomalous activity.
• Ensure cloud environments align with frameworks such as NIST, CIS Benchmarks, SOC2, and ISO27001.
• Perform continuous compliance checks using AWS Config, Azure Policies, Terraform policies (OPA), and scanning tools.
• Support internal and external cloud security audits.

Benefits

• competitive compensation with our salary and incentive program
• medical, dental, and vision insurance
• 401K
• continuing education opportunities
• employee assistance program