Senior Cloud Security Engineer

Pax8

1d•$115,000 - $150,000•Onsite

About The Position

The Senior Cloud Security Engineer role at Pax8 in the USA is a high-impact opportunity to shape the security posture of Pax8's cloud and platform ecosystem. This position sits at the intersection of cloud security analysis, platform security architecture, and engineering influence. The engineer will evaluate how the platform is built, identify security gaps and architectural weaknesses, and help define the standards, guardrails, and patterns that engineering teams will use going forward. The role operates at the intersection of security, DevOps, SRE, platform engineering, and emerging AI technologies, protecting a rapidly growing global marketplace while influencing how secure cloud platforms are designed and operated at scale. Pax8 is redefining how cloud technology is bought, sold, and secured, fostering an inclusive, high-energy culture where curiosity, collaboration, and innovation thrive. New starters join at a moment of meaningful transformation, learning, experimenting, and building alongside cutting-edge technology. This is an opportunity to help establish what "good" looks like for platform security while working alongside talented engineers building modern cloud-native systems.

Requirements

7+ years of experience in Cloud Security, Infrastructure Security, Platform Security, Security Architecture, DevSecOps, or related disciplines.
Experience assessing cloud environments and identifying security weaknesses, misconfigurations, or architectural risks.
Extensive hands-on AWS expertise across IAM, VPC, EKS, KMS, Secrets Manager, CloudTrail, S3, logging, networking, and access controls.
Proven Kubernetes security experience including RBAC, service accounts, workload identities, network policies, and workload isolation.
Experience securing CI/CD pipelines and cloud-native delivery workflows.
Strong understanding of threat modeling and risk-based security assessments.
Experience writing or maintaining security standards, hardening baselines, reference architectures, or security design guidance.
Strong Infrastructure-as-Code fluency, particularly Terraform, with the ability to read and review Helm charts.
Experience partnering with DevOps, SRE, Platform Engineering, or Infrastructure teams.
Ability to operate independently and influence outcomes without formal authority.
Must have the legal right to work in the United States.

Nice To Haves

Experience within large SaaS, technology, fintech, cloud-native, or highly regulated organizations.
Experience with GitHub Actions, OIDC federation, secrets management, and deployment protection controls.
Experience operating CNAPP, CSPM, or cloud security posture management platforms beyond dashboard review.
Experience producing ADRs, security design documents, or architecture standards that engineering teams actively use.
Familiarity with AI platform security, agentic workloads, and AI-enabled development practices.
Relevant certifications such as AWS Security Specialty, CCSP, CISSP, CKS, or equivalent.

Responsibilities

Assess and Improve Platform Security: Review AWS, Kubernetes, CI/CD, and SaaS environments to identify security gaps, misconfigurations, and architectural weaknesses. Perform threat modeling, security architecture reviews, and cloud security assessments to identify attack paths, trust boundaries, and opportunities to reduce blast radius. Assess platform infrastructure against established security baselines and drive remediation efforts or formal risk acceptance. Validate that security controls are operating as intended across cloud, identity, network, and platform layers.
Define Security Standards and Architecture: Establish and evolve cloud and platform security hardening standards across AWS, Kubernetes, CI/CD, and SaaS platforms. Translate infrastructure architecture into clear, actionable security expectations—and validate they work in practice. Develop reference architectures, decision records (ADRs), and security design guidance that engineering teams can operationalize. Define and maintain secure patterns, guardrails, and baseline configurations for cloud-native delivery.
Secure Identity and Access: Define and enforce least-privilege access models across AWS and Kubernetes environments. Review and improve IAM policies, RBAC models, identity federation, service identities, and cross-account trust boundaries. Partner with engineering teams to reduce unnecessary privilege and strengthen access controls without impacting delivery velocity.
Secure CI/CD and Platform Delivery: Assess and improve CI/CD security controls including federated identity, GitHub Actions security, secrets management, deployment protections, and pipeline trust boundaries. Review Infrastructure-as-Code patterns and recommend secure-by-default approaches. Help engineering teams build secure delivery workflows that scale.
Strengthen Infrastructure and Network Security: Validate network security controls, segmentation boundaries, ingress controls, and cloud networking architecture. Assess Kubernetes security controls including RBAC, service accounts, workload identities, and network policies. Ensure security controls are aligned to platform risk and business impact.
Measure and Communicate Security Posture: Maintain platform security posture visibility through metrics, reporting, and security tracking mechanisms. Track remediation progress and communicate risk in terms of business impact, exposure reduction, and blast radius. Help leadership understand where security investments are reducing risk and enabling secure growth.
Partner and Influence: Partner closely with DevOps, SRE, and Engineering teams as a trusted advisor and platform security authority. Influence technical decisions through expertise, collaboration, and practical recommendations rather than direct authority. Help teams understand not just what needs to change—but why it matters and what good looks like.