Cloud Security Engineer

About The Position

Requirements

• Security Clearance: Active U.S. Secret clearance required (TS/SCI)
• Must be a U.S. citizen.
• Education: Bachelor’s degree in Cybersecurity, Information Assurance, Computer Science, or a related field (or 5+ years equivalent professional experience in cloud security engineering)
• Experience: 5–9+ years in cloud security engineering, with hands-on work in AWS GovCloud, Azure, Google GCP, or multi-cloud environments.
• Strong analytical, problem-solving, communication, and collaboration skills; ability to work in fast-paced, mission-critical environments.
• Technical Skills: Deep knowledge of cloud platforms (AWS GovCloud, Azure Government, etc.), IAM/RBAC, encryption, network security, and cloud-native security services.
• Familiarity with SIEM, vulnerability scanners, threat intelligence, and automation tools (e.g., Terraform, Python scripting).
• Experience with compliance frameworks (NIST, FedRAMP, RMF) and tools like Azure Sentinel, NESSUS, BURP SUITE, Microsoft Defender, or AWS equivalents.
• Deep understanding of network security, encryption, logging/monitoring, and container/Kubernetes security.
• Experience with infrastructure-as-code, scripting (Python, PowerShell, etc.), and security automation tools.

Nice To Haves

• CISSP, AWS Certified Security-Specialty, AWS Certified Solutions Architect (Associate or Professional), Microsoft Certified: Security, Compliance & Identity, Security+, CEH, or CSSP related (e.g., CySA+, GCIH).

Responsibilities

• Design and implement secure cloud architectures and configurations across AWS GovCloud, Azure, and/or Google Cloud, applying best practices for least privilege encryption, network segmentation, and data protection.
• Implement and maintain cloud security frameworks, ensuring ongoing compliance with NIST 800-53 Rev. 5, FedRAMP, DoD IL-2/4/5, RMF, and Secure Cloud Computing Architecture (SCCA) requirements.
• Configure and manage Identity and Access Management (IAM), Role-Based Access Control (RBAC), Just-In-Time (JIT) access, Key Vaults, and Zero Trust Architecture (ZTA) principles across cloud environments.
• Engineer, deploy, and optimize cloud-native security tools, including Microsoft Defender for Cloud, Azure Sentinel, AWS GovCloud security services, CSPM/CWPP solutions, and SIEM (Elastic) platforms for threat detection, monitoring, and response.
• Conduct vulnerability assessments, penetration testing simulations, security configuration reviews (against STIGs, CIS benchmarks, and NIST controls), and continuous monitoring of cloud resources.
• Develop, maintain, and update System Security Plans (SSP), Security Assessment Reports (SAR), Plans of Action & Milestones (POA&M), and risk/compliance reporting for cloud-based operations.
• Identify, analyze, and respond to Indicators of Compromise (IoCs), threat intelligence, and security incidents within cloud environments; perform root-cause analysis and implement preventive controls.
• Perform periodic security reviews and audits of cloud environments (Azure, AWS, hybrid) to ensure sustained compliance, mitigate evolving threats, and update policies/procedures.
• Collaborate with DevSecOps, infrastructure, and development teams to integrate security into CI/CD pipelines, automate security controls, and support secure cloud migrations or modernization initiatives.
• Assess current cloud architectures, propose security improvements, review designs through a security lens, and serve as a subject-matter expert on cloud security tools, processes, and best practices.
• Coordinate with configuration management teams to ensure hardware/software changes adhere to security protocols, maintain version control, and support documentation of the cyber terrain.
• Develop, enforce, and maintain cloud security policies, standards, and automated guardrails to support secure CI/CD pipelines and infrastructure-as-code (IaC) practices (e.g., using Terraform, CloudFormation).
• Monitor cloud environments for security incidents, investigate alerts, perform root-cause analysis, and coordinate incident response activities.
• Identify emerging threats and recommend proactive improvements to cloud security posture, including automation of security controls and processes.
• Provide guidance and training to engineering teams on secure cloud design patterns and best practices.
• Ability to be on-site 5 days a week at our office Playa Vista.

Benefits

• Shared upside: Receive equity in Apex, letting you benefit from the work you create
• Best-in-class healthcare: 100% company-paid medical, dental, and vision for you and your dependents, plus $100k life insurance at no cost
• Comprehensive PTO package to reset and recharge - starting at 15 days vacation, growing to 20+ days annually, plus 10 paid holidays
• Competitive 401(k) plan with generous matching - 100% match on first 3%, 50% on next 2%
• 8 weeks paid parental leave plus childcare reimbursement up to $350/day for work-related travel
• Daily catered lunch and unlimited snacks to keep you fueled throughout the day
• Vibrant community: Monthly office BBQs, pickleball tournaments, run club, and social gatherings for you and your family
• Your dream desk setup and all the tools you need to be your most productive self
• World-class Playa Vista office with EV chargers, with the benefit of in-person collaboration with amazing coworkers and flexibility to integrate work and life
• Real impact opportunity: Work alongside experts from aerospace, new space, and other cutting-edge industries to make a lasting difference