Security Engineer – Cloud Security (AWS)

About The Position

Requirements

• Minimum 5 years of experience in information security.
• Strong hands-on experience with AWS cloud environments and security concepts.
• Strong understanding of AWS IAM, networking, logging, monitoring, and workload security.
• Experience using AWS native security tools such as Inspector, Security Hub, or equivalent.
• Strong understanding of DevSecOps principles, CI/CD pipelines, and application security fundamentals.
• Basic understanding of SAP environments in cloud-hosted architectures.
• Experience identifying and communicating risk related to cloud configurations and architecture.
• Strong analytical and complex technical problem-solving skills.
• Ability to communicate technical risk clearly to non-technical stakeholders.
• Experience with APIs, scripting, or automation for data integration and workflow execution.
• Ability to operate independently and build a program with limited oversight.

Nice To Haves

• Experience across multiple cloud environments, including AWS multi-account and GovCloud architectures.
• Experience supporting Azure cloud environments.
• Experience implementing preventative security controls such as guardrails, policy enforcement, or pipeline gating.
• Experience improving data quality and visibility across multiple cloud and security data sources.
• Experience working with enterprise cloud platform, networking, or architecture teams.
• AWS Certified Security – Specialty required.
• AWS Certified Solutions Architect – Professional or AWS Certified DevOps Engineer – Professional preferred.

Responsibilities

• Serve as the primary cloud security engineer for AWS environments, including commercial, GovCloud, dev, and test accounts.
• Use AWS native security capabilities such as Inspector, Security Hub, and related services to identify and analyze risk.
• Maintain visibility across IAM, network configuration, logging, monitoring, and workload security posture.
• Identify issues such as overly permissive access, unused accounts, misconfigurations, and exposure risks.
• Develop and implement guardrails, policies, and controls to prevent insecure configurations and reduce attack surface.
• Promote the use of hardened images, containers, and standardized builds to reduce risk at deployment.
• Integrate cloud security findings into existing workflows and coordinate remediation with responsible teams.
• Work closely with Cloud Platform, SAP, Enterprise Architecture, and other teams to implement meaningful security improvements.
• Partner with Application Security teams to support DevSecOps practices, including CI/CD pipeline integration, gates, and automation.
• Support SAP cloud security needs and maintain awareness of SAP-specific risks within AWS environments.
• Use APIs, scripting, and integration to automate data collection, analysis, and workflow execution.
• Analyze cloud risk in context and communicate clear, actionable recommendations to stakeholders.
• Support logging and monitoring capabilities setup and integration while deferring operational ownership to SOC/IR teams.

Benefits

• Annual Incentive Program
• Medical/Pharmacy Plan
• Dental
• Vision
• Life Insurance
• Dependent Care Reimbursement Account
• Health Care Reimbursement Account
• Health Savings Account (HSA) (if enrolled in eligible health plan)
• Limited-Purpose FSA (if enrolled in eligible health plan and HSA)
• Transportation Reimbursement Account
• Short-term disability (STD)
• Long-term disability (LTD)
• Employee Assistance Program (EAP)
• Fitness Center Reimbursement (if enrolled in eligible health plan)
• Tuition reimbursement
• Transit programs
• Employee recognition program
• Pension
• 401(k) plan
• Paid time off (PTO)
• Holidays
• Volunteer Paid Time Off (VPTO)
• Parental Leave