Corporate Vice President - Cloud Security Engineer

New York Life, New York, NY
23d, Hybrid

About The Position

The Security Engineer is responsible for designing and maintaining NYL’s cloud security controls, mainly in AWS and hybrid environments, with Azure and GCP also included. This hands-on role focuses on secure cloud platform development through automation, monitoring, and configuration. Key duties include operationalizing CIEM and CWPP tools, integrating detections and guardrails, and automating ongoing security improvements. This role will also be key in strengthening NYL’s identity and access architecture in the cloud—ensuring that IAM frameworks, authentication models, and permissions management are consistent, automated, and aligned with Zero Trust principles. In addition, this person will play a role in aligning our Agentic AI architecture and security patterns with the Identity design elements. The ideal candidate will combine deep technical expertise in AWS security with experience in identity engineering and automation, to help NYL reduce Identity risks across our cloud and hybrid environments.

Requirements

  • Bachelor’s degree in Computer Science, Information Systems, or equivalent experience.
  • 10+ years of experience in cloud security engineering or related cybersecurity disciplines.
  • Proven ability to design, integrate, and operationalize security controls in AWS environments.
  • Hands-on experience with AWS IAM, KMS, CloudTrail, Config, GuardDuty, Security Hub, and Organizations.
  • Experience tuning and automating CSPM tools such as Wiz for detection, remediation, and data integration.
  • Deep understanding of authentication and authorization protocols (SAML, OIDC, OAuth2, SPIFFE, DCR, PKCE).
  • Strong scripting and automation skills (Python, PowerShell, Terraform) for cloud security orchestration and integration.
  • Understanding of Agentic AI identity principles.
  • Familiarity with Zero Trust principles, least-privilege access, and cloud identity lifecycle management.
  • Understanding of compliance frameworks (NYS DFS, NIST, CIS, ISO 27001) and how they apply to IAM and cloud environments.

Responsibilities

  • Engineer, configure, and maintain cloud security and identity controls across AWS and hybrid environments.
  • Design and implement secure cloud architectures leveraging AWS-native services (e.g., IAM, Organizations, CloudFormation, GuardDuty, Security Hub).
  • Engineer and maintain CIEM and CSPM capabilities, including tuning and extending Wiz detections and queries for AWS-native services (EC2, Lambda, S3, EKS, RDS, IAM, CloudFormation).
  • Develop scripts and APIs to integrate our cloud, identity, and other security controls.
  • Collaborate with AI and Data teams on Agentic AI Identity architecture patterns and designs.
  • Continuously assess AWS configurations against CIS AWS Benchmarks, CSA, NIST 800-53, and NYDFS 500 standards; correlate Wiz findings with CloudTrail, IAM Access Analyzer, and Config data to identify systemic risks.
  • Build pipelines and IaC modules (Terraform, CloudFormation) to onboard new AWS accounts and resources into Wiz with secure-by-default baselines and consistent tagging.
  • Integrate cloud identity and access controls with enterprise IAM platforms (SailPoint, CyberArk, Ping).
  • Collaborate with Cloud Engineering, DevOps, and Application teams to design AWS architectures that meet posture requirements and embed IAM and security controls in CI/CD pipelines.
  • Document and evangelize AWS security best practices, secure configuration standards, and Wiz integration playbooks.

Benefits

  • leave programs
  • adoption assistance
  • student loan repayment programs