Cloud Security Engineer

About The Position

Requirements

• Bachelor's degree or equivalent experience required.
• Proficiency in scripting and programming languages such as Python and Go.
• Demonstrated experience applying and upholding security governance frameworks, including security policy enforcement and compliance controls.
• Hands-on experience working with multi-cloud environments, particularly AWS and GCP.
• Strong experience with Kubernetes and containerized environments.
• Build, and implement security controls and frameworks.
• Experience implementing security guidelines (mTLS, OAuth2, JWT, RBAC, ABAC).
• Detect security gaps, and lead efforts to mature security tooling and operational processes.
• Work closely with product and platform teams to define system requirements, engineer, and implement cloud based security applications and controls.
• Write code to automate security processes which seamlessly integrate into code builds and deployments, applying DevSecOps processes and tools.
• Develop, and deploy automation solutions that help audit, secure, and affect changes across multi-cloud environments.
• Reviewing tools for improving platform availability using automated protection mechanisms.
• Experience with monitoring and observability tools (Grafana, Datadog).
• Research and recommend new technologies and collaborates on solutions.
• Excellent written and oral communication skills.
• Strong social skills include the ability to articulate to both technical and non-technical audiences.
• Strong analytical and problem-solving skills.

Nice To Haves

• Technical certifications or other demonstrations of passion in security and technology such as CISSP, CCSP are a plus!

Responsibilities

• Deep expertise with service mesh architectures (e.g., Istio, Kong) to enable secure & reliable east-west service communication.
• Extensive experience managing and configuring API gateways (e.g. Kong, Amazon API Gateway) for internal and external services, including authentication and authorization through OIDC, OAuth2, JWT, and mTLS, and secure API exposure and traffic governance.
• Strong experience managing PKI and certificate lifecycles, including issuance, rotation, and revocation.
• Practical experience deploying and managing mTLS within distributed systems and Kubernetes workloads.
• Experience integrating certificate authorities (CAs) and automating certificate management (e.g., cert-manager or similar tools).
• Understanding of trust models and certificate chain validation in zero-trust environments.
• Strong background in security hardening and zero-trust architecture, including enforcing default mTLS across workloads, carrying out infrastructure-level authentication and authorization, and crafting and maintaining fine-grained access control policies.
• Experience building and maintaining zero-trust security models across multi-cluster or distributed systems.
• Strong experience securing Kubernetes environments, including implementing namespace isolation and protection strategies, crafting and enforcing access controls and policies, and managing service accounts and workload identities securely.
• Familiarity with Kubernetes security guidelines, including least privilege access, network policies, and workload segmentation.
• Demonstrated experience applying and upholding security governance frameworks, including security policy enforcement and compliance controls.
• Hands-on experience working with multi-cloud environments, particularly AWS and GCP.
• Strong experience with Kubernetes and containerized environments.
• Build, and implement security controls and frameworks.
• Experience implementing security guidelines (mTLS, OAuth2, JWT, RBAC, ABAC).
• Detect security gaps, and lead efforts to mature security tooling and operational processes.
• Work closely with product and platform teams to define system requirements, engineer, and implement cloud-based security applications and controls.
• Write code to automate security processes which seamlessly integrate into code builds and deployments, applying DevSecOps processes and tools.
• Develop, and deploy automation solutions that help audit, secure, and affect changes across multi-cloud environments.
• Reviewing tools for improving platform availability using automated protection mechanisms.
• Experience with monitoring and observability tools (Grafana, Datadog).
• Research and recommend new technologies and collaborates on solutions.
• Excellent written and oral communication skills.
• Strong social skills include the ability to articulate to both technical and non-technical audiences.
• Strong analytical and problem-solving skills.

Benefits

• medical
• dental
• vision
• matching 401(k)
• paid time off
• wellness program
• employee discounts for Sony products
• bonus package