Enterprise Cloud Security Engineer

About The Position

Requirements

• Experience: 5+ years of experience in Cloud Security, DevSecOps, or Infrastructure Engineering, with at least 3 years focused on public cloud (AWS, Azure, and GCP).
• Technical Mastery: Deep hands-on expertise with Terraform, Kubernetes, and Linux environments.
• Coding/Scripting: Proficiency in Python, Go, or Bash for automating security tasks and building custom tooling.
• Security Tooling: Experience implementing and tuning CSPM/CNAPP tools (e.g., Wiz, Prisma Cloud, Orca, Sysdig) and SIEM platforms (Tenex, Splunk, Datadog Security).
• Frameworks: Working knowledge of NIST CSF, NIST 800-53, or FedRAMP requirements.

Nice To Haves

• Aerospace/Defense Experience: Familiarity with DO-326A (Airworthiness Security), ITAR regulations, or safety-critical systems.
• Certifications: AWS Certified Security – Specialty, Azure Security Engineer (AZ-500), CKA (Certified Kubernetes Administrator), and CISSP, CISM.
• Architecture: Experience designing "Zero Trust" networks and implementing Service Mesh (e.g., Istio, Linkerd) security.
• Offensive Security: Experience conducting cloud penetration tests or "Purple Team" exercises to validate defenses.

Responsibilities

• Cloud Architecture & Hardening: Design, implement, and maintain secure cloud architectures across AWS and Azure. Enforce zero-trust principles and least-privilege access using advanced IAM policies and roles.
• Infrastructure as Code (IaC) Security: Lead the security review and automated scanning of IaC templates (Terraform, CloudFormation, Helm). Prevent misconfigurations before they reach production.
• DevSecOps & Automation: Integrate security tooling (CSPM, CWPP, Secret Scanning) directly into CI/CD pipelines (Jenkins, GitLab, GitHub Actions) to enable rapid, secure deployment.
• Kubernetes & Container Security: Secure containerized workloads and orchestration platforms (EKS/AKS), ensuring runtime protection, image scanning, and network segmentation.
• Compliance & Governance: Map cloud security controls to industry frameworks, including NIST SP 800-53, ISO 27001, and aviation-specific standards like DO-326A—Automate evidence collection for audits.
• Threat Detection & Incident Response: Build high-fidelity detection rules for cloud threats using SIEM/SOAR platforms. Lead investigations into cloud security incidents and perform forensics on ephemeral workloads.
• Telemetry & Data Protection: safeguard critical flight telemetry and sensitive data pipelines through robust encryption, key management (KMS/HSM), and data loss prevention (DLP) strategies.