Sr Cloud Security Engineer

About The Position

Requirements

• Bachelor’s degree in Computer Science, Information Security, or equivalent practical experience.
• 4–6 years of hands‑on experience in security engineering, systems engineering, cloud engineering, or vulnerability management roles.
• Demonstrated experience operating or supporting an enterprise vulnerability management program.
• Strong understanding of vulnerability discovery, CVE/CVSS concepts, risk‑based prioritization, and remediation workflows.
• Experience securing workloads in AWS, Azure, and/or GCP.
• Working knowledge of cloud security controls including IAM, logging, monitoring, encryption, and threat detection as they relate to vulnerability reduction.
• Experience operating security controls in highly available, production environments.
• Hands‑on experience with scripting or automation (Python, Bash, PowerShell).
• Working knowledge of infrastructure‑as‑code or configuration management tools such as Terraform, CloudFormation, ARM, Puppet, or Ansible.
• Understanding of Secure SDLC concepts and application vulnerability management practices.
• Familiarity with security frameworks or compliance requirements such as NIST, PCI DSS, CIS, or ISO 27001, particularly as they relate to vulnerability and patch management.
• Strong communication skills and the ability to collaborate effectively with engineering and operations teams.

Nice To Haves

• Experience operating vulnerability scanners or CSPM tooling and driving remediation of findings.
• Exposure to application security tools such as SAST, SCA, or DAST.
• Prior involvement in vulnerability management, security operations, or remediation governance programs.
• Familiarity with certificate management platforms or enterprise PKI (e.g., DigiCert, AppViewX).
• Experience with edge or application security technologies such as Akamai Control Center or Akamai WAF.
• Experience with containerized environments (Docker required; Kubernetes preferred).
• CompTIA Security+
• AWS or Azure Security certifications
• CCSP

Responsibilities

• Own the triage, validation, prioritization, and remediation tracking of vulnerability findings across cloud, on‑prem, and application environments.
• Perform risk‑based analysis of vulnerability findings, including false positive validation, asset context evaluation, and remediation verification.
• Partner with platform, cloud, infrastructure, and application teams to drive effective and sustainable remediation outcomes.
• Support and continuously improve enterprise vulnerability management and patching workflows, including SLAs, exception handling, and escalation paths.
• Support infrastructure hardening and patch compliance efforts across cloud and on‑prem environments.
• Contribute to vulnerability discovery and remediation efforts using tools such as CSPM, vulnerability scanners, application security tooling, and penetration testing results.
• Implement, operate, and tune security tooling used for vulnerability visibility, monitoring, detection, and response across AWS, Azure, and GCP.
• Perform security architecture and design reviews for cloud services, applications, and technologies, providing actionable guidance to reduce vulnerability exposure.
• Evaluate designs for security controls including identity and access management, encryption, logging, monitoring, and network protections with a focus on preventing recurring vulnerabilities.
• Contribute to the definition and ongoing improvement of security standards, reference architectures, configuration baselines, and hardening guidelines.
• Review application designs and implementation patterns to ensure alignment with Secure SDLC and secure coding expectations.
• Support application security activities including static, dynamic, and dependency scanning, and assist development teams in understanding and remediating findings.
• Identify opportunities to automate vulnerability validation, remediation tracking, and control validation to improve efficiency and consistency.
• Provide operational support for web application security technologies such as WAF and related edge controls, including Akamai where applicable.
• Support certificate lifecycle management, including inventory accuracy, renewal tracking, deployment coordination, and reduction of certificate‑related risk.
• Develop and maintain security documentation, runbooks, and standard operating procedures related to vulnerability and risk management.
• Contribute to metrics and reporting that provide visibility into vulnerability trends, remediation effectiveness, and risk reduction.
• Participate in security initiatives and continuous improvement efforts through hands‑on execution and technical insight.

Benefits

• Weekly Pay
• Free BJ’s Memberships
• Generous Paid Time Off
• Flexible and Affordable Health Benefits
• 401(k) Retirement Savings Plan
• Employee Stock Purchase Plan