Principal Cloud Security Engineer

About The Position

Requirements

• Bachelor Degree in computer science or relevant technical degree; or equivalent industry experience.
• 8+ years of cybersecurity or cloud engineering experience, with at least 5+ in cloud security.
• Hands-on advanced experience securing and automating two or more cloud environments (AWS/GCP/Azure/Oracle).
• Experience with native cloud security tools (AWS Security Hub, GuardDuty, Defender for Cloud, Google SCC, etc)
• Strong background in infrastructure as code (Terraform, CloudFormation, ARM/Bicep) and CI/CD (GitLab, GitHub Actions, etc).
• Proficient in at least one programming/scripting language (Python, Go, PowerShell, Bash).
• Deep knowledge of cloud identity and access management (IAM/RBAC), key management (KMS/Key Vault/Cloud KMS), networking, and encryption.
• Experience with application security standards such as OWASP ASVS/Top 10 and CWE 25.
• Experience aligning security controls with NIST 800-53, FedRAMP, CIS Benchmarks, or equivalent frameworks.
• Proven track record embedding security into Agile/DevSecOps teams and pipelines.
• Strong communication and leadership skills, with demonstrated experience in successfully designing, delivering, and iterating on complex projects with a diverse set of stakeholders.

Nice To Haves

• Experience securing GovCloud, DoD IL6, or other restricted cloud environments.
• Knowledge of ServiceNow for CMDB integrations, discovery, and security workflows.
• Familiarity with supply chain security (SBOM, SLSA, dependency scanning, artifact signing).
• Strong background in zero trust architectures and enterprise identity platforms (Okta, Entra ID, AWS SSO).
• Certifications such as AWS Certified Security - Specialty, Azure Security Engineer Associate, Google Professional Cloud Security Engineer, OSCP, or CISSP.
• Experience with Kubernetes security (OPA/Gatekeeper, PodSecurityStandards, Prisma, Twistlock, etc.).

Responsibilities

• Design and implement secure architecture across AWS, Azure, and GCP, including Commercial, GovCloud, and IL6 enclaves.
• Define and enforce security baselines (CIS, NIST 800-53, FedRAMP, etc) and align security controls with compliance frameworks.
• Lead architecture reviews, threat modeling, and secure design guidance for cloud services and workloads.
• Build and maintain Infrastructure as Code modules (Terraform) to enforce security at scale across hundreds of accounts, subscriptions, and projects.
• Integrate CI/CD pipelines with automated security scans (SAST, DAST, IaC scanning, container security) and drive secure coding practices across the organization.
• Develop and enhance automated guardrails, policies, and remediation pipelines.
• Support ATO compliance efforts by embedding controls into the cloud buildout process and lead assessments.
• Partner with compliance officers, auditors, and platform engineers to ensure evidence and reporting readiness.
• Implement centralized logging, monitoring, and incident response across multi- cloud environments.
• Guide a team of security and platform engineers on secure cloud development and automation practices.
• Partner with architects, developers, and compliance teams to align security objectives between projects, stakeholders, and platform teams.
• Act as a cloud security subject matter expert for stakeholders, architects, and engineering leads.

Benefits

• At LightFeather, you're not just taking a job—you’re joining a purpose-driven team that delivers innovative, mission-critical solutions that make a real difference. You’ll work on diverse, meaningful projects that challenge and inspire you, alongside talented teammates who value delivery, collaboration, and continuous improvement.