Senior Cloud Security Engineer

Workstreet
Remote

About The Position

We are seeking a Senior Cloud Security Engineer who is a builder at heart with deep expertise in at least one cloud provider (Azure strongly preferred) and working knowledge of others. In this role, you won’t just "assess" or "advise"; you will engineer and deploy security infrastructure across major cloud platforms. You will be responsible for building hardened landing zones, automating IAM lifecycles, and writing the Terraform modules that define our clients' security posture. This is not a GRC, audit, or advisory role. Candidates must have direct, hands-on experience building and remediating cloud environments using Terraform, in addition to native cloud tooling. This is a high-impact engineering role for someone who prefers a terminal to a spreadsheet and believes that security is best delivered through code and control, not just compliance checklists.

Requirements

  • The Builder Mindset: You have a track record of building and deploying security infrastructure. You are comfortable writing OPA policies (Policy-as-Code) and managing secrets in Vault or AWS Secrets Manager.
  • Cloud Native: You are an expert in the technical nuances of AWS, GCP, or Azure. You understand the difference between a "compliance map" and a "technical control". You have direct experience remediating cloud security issues.
  • IaC Expert: Proficiency in Terraform is mandatory. You should be able to discuss module versioning, state management, and provider-specific security nuances.
  • Identity Specialist: You have a deep understanding of SAML/OIDC, cross-account IAM roles, and how to enforce least privilege without breaking developer workflows.
  • Communication: Strong verbal presence. You can lead technical workshops and explain complex architecture to engineering teams with confidence and clarity.
  • Solution-minded and multi-focused: You thrive in fast-paced environments with multiple clients and competing priorities. You can quickly assess unfamiliar environments and execute remediation without perfect documentation.
  • Must be a U.S. Citizen and currently based in the United States.
  • Reliable high-speed internet connection.
  • Quiet, professional home office setup.
  • Must be amenable to working US Eastern Time zone hours.
  • Fluency in written and verbal English communication skills.

Nice To Haves

  • Relevant technical certifications: AWS Certified Security – Specialty, GCP Professional Security Engineer, or Azure Security Engineer Associate.
  • Experience with FIPS 140 encryption implementation.
  • Experience with CMMC enclave builds or FedRAMP security architecture implementation.
  • Experience with containerization runtime security controls.

Responsibilities

  • Engineer Security via IaC: Design and maintain reusable Terraform modules for IAM, networking, and logging. Implement security controls directly via Terraform and CloudFormation to ensure consistent, drift-resistant environments. Hands-on experience required (must have built reusable modules).
  • Build Cloud Architecture: Deploy and manage AWS multi-account structures (Organizations, SCPs, Landing Zones) and Azure Hub-Spoke/Landing Zone architectures.
  • Own Identity & Access: Implement least-privilege IAM using RBAC/ABAC, cross-account trust relationships, and permission boundaries. Automate identity lifecycles (JIT/PIM) and federate identities via Okta or Entra ID (SAML/OIDC).
  • Direct Remediation: Don’t just identify misconfigurations - fix them. Own the remediation of vulnerabilities through engineering changes, patch automation, and configuration drift correction.
  • Automate Security Ops: Develop automated remediation workflows using Lambda, Azure Functions, and Python scripts. Integrate SAST/DAST and secret scanning directly into GitHub Actions or Azure DevOps pipelines.
  • Configure Native Security Stacks: Hands-on implementation and tuning of AWS GuardDuty, Security Hub, and Config, as well as Azure Sentinel and Defender for Cloud. Build cloud-native logging pipelines for SIEM ingestion.
  • Network & Encryption Engineering: Design VPCs, security groups, and network segmentation. Implement WAFs (AWS WAF, Azure Front Door) and manage full-lifecycle encryption using KMS and Key Vault.
  • Technical Compliance Implementation: Hands-on implementation of NIST 800-53 controls in cloud environments, including logging, IAM, encryption, and boundary design. Experience supporting FedRAMP or CMMC environments preferred.
  • Client facing: You will interface directly with clients, lead technical discussions, and take ownership of cloud security tasks and overall outcomes. You will own multiple client engagements, balancing effective time management with expeditious communication.

Benefits

  • Career Development: Clear path with mentorship and training opportunities
  • Technical Training: Comprehensive onboarding on security and compliance frameworks
  • Competitive Compensation: A competitive base salary with regular performance reviews linked to merit-based appraisals and bonus opportunities.
  • Growth Opportunity: Early-stage company with significant room for career advancement.
  • Remote-First Culture: Flexibility to work from anywhere while collaborating with a global team.