Senior Cloud Security Engineer

Pax8
$115,000 - $150,000Remote

About The Position

This is a high-impact opportunity to shape the security posture of Pax8's cloud and platform ecosystem. Unlike many security engineering roles that focus primarily on application code, this position sits at the intersection of cloud security analysis, platform security architecture, and engineering influence. You'll evaluate how our platform is built today, identify security gaps and architectural weaknesses, and help define the standards, guardrails, and patterns that engineering teams will use going forward. You'll operate at the intersection of security, DevOps, SRE, platform engineering, and emerging AI technologies—helping protect a rapidly growing global marketplace while influencing how secure cloud platforms are designed and operated at scale.

Requirements

  • 7+ years of experience in Cloud Security, Infrastructure Security, Platform Security, Security Architecture, DevSecOps, or related disciplines.
  • Experience assessing cloud environments and identifying security weaknesses, misconfigurations, or architectural risks.
  • Extensive hands-on AWS expertise across IAM, VPC, EKS, KMS, Secrets Manager, CloudTrail, S3, logging, networking, and access controls.
  • Proven Kubernetes security experience including RBAC, service accounts, workload identities, network policies, and workload isolation.
  • Experience securing CI/CD pipelines and cloud-native delivery workflows.
  • Strong understanding of threat modeling and risk-based security assessments.
  • Experience writing or maintaining security standards, hardening baselines, reference architectures, or security design guidance.
  • Strong Infrastructure-as-Code fluency, particularly Terraform, with the ability to read and review Helm charts.
  • Experience partnering with DevOps, SRE, Platform Engineering, or Infrastructure teams.
  • Ability to operate independently and influence outcomes without formal authority.
  • Must have the legal right to work in the United States.

Nice To Haves

  • Experience within large SaaS, technology, fintech, cloud-native, or highly regulated organizations.
  • Experience with GitHub Actions, OIDC federation, secrets management, and deployment protection controls.
  • Experience operating CNAPP, CSPM, or cloud security posture management platforms beyond dashboard review.
  • Experience producing ADRs, security design documents, or architecture standards that engineering teams actively use.
  • Familiarity with AI platform security, agentic workloads, and AI-enabled development practices.
  • Relevant certifications such as AWS Security Specialty, CCSP, CISSP, CKS, or equivalent.

Responsibilities

  • Review AWS, Kubernetes, CI/CD, and SaaS environments to identify security gaps, misconfigurations, and architectural weaknesses.
  • Perform threat modeling, security architecture reviews, and cloud security assessments to identify attack paths, trust boundaries, and opportunities to reduce blast radius.
  • Assess platform infrastructure against established security baselines and drive remediation efforts or formal risk acceptance.
  • Validate that security controls are operating as intended across cloud, identity, network, and platform layers.
  • Establish and evolve cloud and platform security hardening standards across AWS, Kubernetes, CI/CD, and SaaS platforms.
  • Translate infrastructure architecture into clear, actionable security expectations—and validate they work in practice.
  • Develop reference architectures, decision records (ADRs), and security design guidance that engineering teams can operationalize.
  • Define and maintain secure patterns, guardrails, and baseline configurations for cloud-native delivery.
  • Define and enforce least-privilege access models across AWS and Kubernetes environments.
  • Review and improve IAM policies, RBAC models, identity federation, service identities, and cross-account trust boundaries.
  • Partner with engineering teams to reduce unnecessary privilege and strengthen access controls without impacting delivery velocity.
  • Assess and improve CI/CD security controls including federated identity, GitHub Actions security, secrets management, deployment protections, and pipeline trust boundaries.
  • Review Infrastructure-as-Code patterns and recommend secure-by-default approaches.
  • Help engineering teams build secure delivery workflows that scale.
  • Validate network security controls, segmentation boundaries, ingress controls, and cloud networking architecture.
  • Assess Kubernetes security controls including RBAC, service accounts, workload identities, and network policies.
  • Ensure security controls are aligned to platform risk and business impact.
  • Maintain platform security posture visibility through metrics, reporting, and security tracking mechanisms.
  • Track remediation progress and communicate risk in terms of business impact, exposure reduction, and blast radius.
  • Help leadership understand where security investments are reducing risk and enabling secure growth.
  • Partner closely with DevOps, SRE, and Engineering teams as a trusted advisor and platform security authority.
  • Influence technical decisions through expertise, collaboration, and practical recommendations rather than direct authority.
  • Help teams understand not just what needs to change—but why it matters and what good looks like.

Benefits

  • Competitive salary and annual performance bonus
  • Stock options
  • Comprehensive medical, dental, and vision insurance
  • 401(k) retirement plan with company contribution
  • Generous paid time off and company holidays
  • Dedicated learning time with LinkedIn Learning access
  • Wellbeing initiatives and employee assistance programs
  • Non-Commissioned Bonus Plans or Variable Commission
  • Employer Paid Short & Long Term Disability, Life and AD&D Insurance
  • Flexible, Open Vacation
  • Paid Sick Time Off
  • Extended Leave for Life events
  • RTD Eco Pass (For local Colorado Employees)
  • Career Development Programs
  • Employee-led Resource Groups
© 2026 Teal Labs, Inc
Privacy PolicyTerms of Service