Cloud Security Engineer

Security Risk Advisors•Philadelphia, PA

6d•Hybrid

About The Position

Security Risk Advisors Intl., LLC (SRA) is offering a Cloud Security Engineer position. This role is responsible for designing, implementing, and maintaining security controls across SRA's multi-cloud environment, spanning Microsoft Azure/Entra ID, Google Cloud Platform (GCP), and Amazon Web Services (AWS). The Cloud Security Engineer will work closely with internal IT, security operations, and engineering teams to ensure cloud infrastructure is deployed and maintained in a secure, compliant, and resilient manner.

Requirements

In-depth understanding of: Microsoft Azure and Entra ID, including conditional access, PIM, and Defender for Cloud
In-depth understanding of: Google Cloud Platform (GCP) security services, including Security Command Center, IAM, and VPC Service Controls
In-depth understanding of: Amazon Web Services (AWS) security services, including IAM, GuardDuty, Security Hub, and AWS Config
In-depth understanding of: Cloud identity and access management principles and zero trust architecture
Working knowledge of: Cloud Security Posture Management (CSPM) and Cloud Workload Protection Platforms (CWPP)
Working knowledge of: Infrastructure-as-Code (IaC) tools such as Terraform, Bicep, or CloudFormation
Working knowledge of: Networking concepts as applied to cloud environments (VPCs, peering, private endpoints, firewalls)
Working knowledge of: SIEM and EDR technologies in cloud-integrated environments
Experience with: CI/CD pipeline security and DevSecOps practices
Experience with: Organizing or supporting penetration testing, purple team exercises, or cloud-focused security assessments
Experience with: Compliance frameworks relevant to cloud environments (e.g., CIS Benchmarks, NIST CSF, SOC 2)
Moderate experience with: Scripting and automation using Python, PowerShell, or Bash
Moderate experience with: Automation via tools such as Power Automate, Logic Apps, or cloud-native orchestration services
Punctuality and timely attendance to external client and internal stakeholder needs.
A bachelor's degree in Information Technology, Computer Science, or a similar field of study, or equivalent experience.
3+ years of hands-on experience in cloud security engineering or a related role, with demonstrable experience across at least two of the three major cloud platforms (Azure, GCP, AWS).
Relevant cloud security certifications preferred (e.g., AZ-500, SC-100, Google PCSE, AWS Security Specialty).
A passion for learning about cloud security, emerging technologies, and threat landscapes.
Excellent verbal and written communication skills.
Strong time management and organizational skills.

Nice To Haves

Relevant cloud security certifications preferred (e.g., AZ-500, SC-100, Google PCSE, AWS Security Specialty).

Responsibilities

Design, implement, and maintain cloud security architectures across Azure/Entra ID, GCP, and AWS environments.
Administer and continuously improve cloud identity and access management (IAM) policies, roles, and privilege models across all three platforms.
Monitor cloud environments for misconfigurations, threats, and vulnerabilities using cloud-native and third-party security tooling (e.g., Defender for Cloud, Security Command Center, AWS Security Hub).
Operationalize cloud vulnerability and patch management processes, ensuring timely remediation of identified risks.
Implement and maintain Cloud Security Posture Management (CSPM) solutions to enforce security baselines and compliance standards.
Develop and enforce cloud security policies, standards, and guardrails (e.g., Azure Policy, GCP Organization Policies, AWS SCPs).
Collaborate with engineering and DevOps teams to embed security into CI/CD pipelines and infrastructure-as-code (IaC) workflows.
Conduct cloud security assessments and architecture reviews for new and existing environments.
Support incident response activities related to cloud infrastructure, including investigation, containment, and remediation.
Create and maintain technical documentation for cloud security architectures, configurations, and operational procedures.
Research and evaluate emerging cloud security technologies and provide recommendations for adoption.
Develop detection content and security analytics in SRA's internal SOC applicable to cloud environments.

Benefits

Robust internal training program, plus Company-paid external training.
Company-paid external training.
Company-paid training per year.
Free mental health support through BetterHelp.
Generous medical, dental, and vision benefits.
Company-paid disability insurance.
Company-paid life insurance.
Company 401(k) plan including annual 3% safe harbor contribution.
Free patient advocacy service.
Free financial advising.
Generous parental leave.
Generous sick leave.
Generous vacation policies.
Possibility to work remotely.
Possibility to work with a flexible schedule.
Company-paid cell phone.
Discounted cell phone accessories.
1-2-3 Give Program: SRA will give $1,000 to a charity of your choice. If you give an additional amount (up to $1,000), then SRA will match that amount up to $1,000.
Discounted pet insurance.
Discounted legal support.
Discounted voluntary life insurance.