Cloud Security Manager

About The Position

Requirements

• 5+ years of experience in cloud security, platform security engineering, and/or cloud engineering
• 5+ years of experience implementing policy-as-code and admission control for cloud and Kubernetes (e.g., Azure Policy, AWS Configuration, GCP Organization Policy, Open Policy Agent (OPA)/Gatekeeper, Coverity)
• 3+ years of experience in leadership and/or team lead capacity
• 3+ years of experience with cloud provider security primitives and compliance controls across Azure, AWS, and GCP (identity, encryption, networking, logging)
• 3+ years of experience automating security and compliance controls in IaC and CI/CD pipelines (Terraform policy checks, pre-commit scanning, pipeline gates)
• Experience producing automated audit evidence and supporting compliance frameworks (National Institute of Standard Technology (NIST), Federal Risk and Authorization management Program (FedRAMP), Service Organization Control 2 (SOC2), or equivalent)
• Ability and willingness to perform hands-on technical work (policy modules, admission controllers, automation) alongside managerial duties

Nice To Haves

• Experience with excellent stakeholder management and communication skills
• Experience influencing architecture, platform, and development teams
• Experienced in feeding policy and telemetry into security event/correlation platforms and building automated incident response and orchestration workflows, including tying policy signals to continuous-compliance tooling and automated drift remediation
• Experience coding or scripting proficiency (Go, Python, or similar)
• Experience authoring reusable IaC modules and test harnesses
• Experience with Kubernetes runtime security, secrets management, and pod security posture (Center for Internet Security (CIS), Pod Security Admission (PSA)/Pod Security Policy (PSP) alternatives)
• Experience in regulated industries and/or with enterprise audit processes

Responsibilities

• Lead and grow the Policy-as-Code team responsible for security and compliance controls across Azure, Amazon Web Services (AWS), and Google Cloud Platform (GCP)
• Define and operate a unified guardrail framework that enforces both security and compliance requirements (policy-as-code, admission controllers, Terraform guardrails)
• Own the policy lifecycle: authoring, testing, versioning, staged rollout, monitoring, and deprecation of automated policies
• Build continuous compliance automation: evidence collection, attestations, audit reporting, and remediation workflows that reduce manual audit effort
• Integrate policy enforcement into Continuous Integration (CI)/Continuous Delivery (CD), Infrastructure as Code (IaC) pipelines, Developer Experience (DevEx) workflows, and account provisioning operated by Foundations
• Establish operability criteria for policy enforcement (performance, false-positive tolerance, rollback procedures) and require operability signoff prior to production enforcement
• Drive cross-team collaboration with Cloud Foundations, Platform Acceleration, DevEx, Runtime Site Reliability Engineer (SRE), Legal & Compliance, and Enterprise Security to ensure policies are accurate, testable, and adoptable
• Respond to high-severity security or compliance incidents affecting the platform; lead technical remediation and convert findings into durable policy or platform changes
• Track and report security and compliance Key Performance Indicators (KPIs); use telemetry to prioritize policy coverage and reduce risk
• Contribute hands-on to critical policy implementations, admission controller integrations, or automation scripts as needed

Benefits

• health insurance
• flexible spending accounts
• health savings accounts
• retirement savings plans
• life and disability insurance programs
• paid and unpaid time away from work