Senior Cloud Security Engineer

About The Position

Requirements

• B.S. or M.S. in Computer Science, Information Security, or a related technical field. NOTE: If resources do not have a relevant college degree, an additional 4 years of relevant work experience is required.
• 8+ years in a technical Cybersecurity Engineering role, with at least 4 years focused on large-scale cloud or hybrid environments, and a portfolio of projects where AI or Machine Learning was directly applied to solve security or operational scaling problems.
• Demonstrated experience managing environments with 10,000+ workloads and high-availability requirements for retail/commercial applications.
• Experience with CI/CD and GitOps workflows, treating security configurations as code that is automatically tested and deployed.
• Expert-level knowledge of security architectures in AWS, Azure, and Google Cloud.
• Mastery of Terraform, Ansible, or CloudFormation to deploy and manage security configurations at massive scale.
• Ability to leverage Databricks to perform deep-dive analysis on billions of logs for threat hunting and efficacy reporting.
• Experience securing Kubernetes (EKS/AKS/GKE) and Docker environments, focusing on runtime protection and image integrity.
• Proficiency with OAuth 2.0, SAML, and CIAM solutions for large-scale customer and employee authentication.
• Proficiency in using Python (PySpark/Pandas) within Databricks to build custom anomaly detection models that go beyond standard SIEM correlation rules.
• Knowledge of the OWASP Top 10 for LLMs and experience implementing AI gateways or "firewalls" to monitor and filter AI-generated traffic.
• Deep expertise in building "glue code" that connects disparate COTS and custom applications via secure, automated APIs to streamline cross-functional business activities.
• The ability to explain to non-technical stakeholders how AI-driven security decisions (like blocking a suspicious $1M commercial transaction) are made and how to handle "false positives" at scale.
• A relentless focus on identifying repetitive manual tasks (e.g., firewall rule reviews, access audits) and replacing them with self-healing, automated systems.
• Ability to obtain and maintain a Public Trust clearance and successfully pass a thorough Government background screening process requiring the completion of detailed forms and fingerprinting
• This position has a U.S. residency requirement. The USPS security clearance process requires the selected candidate to have resided in the U.S. (including U.S. Territories) for the last five years as follows: U.S. Citizens cannot have left the U.S. (including U.S. Territories) for longer than 6 months consecutively in the last 3 years (unless they meet certain exceptions). Non-U.S. Citizens cannot have left the U.S. (including U.S. Territories) for longer than 90 days consecutively in the last 3 years.

Nice To Haves

• CISSP (Certified Information Systems Security Professional)
• CCSP (Certified Cloud Security Professional)
• Cloud-specific Professional Security Certifications (e.g., AWS Certified Security – Specialty or Google Professional Cloud Security Engineer).

Responsibilities

• Design and implement automated compliance assessments to enforce hardening standards (CIS, NIST) across cloud accounts and on-premises virtualized environments.
• Architect and maintain the security of our sprawling asset inventory. Implement data-at-rest and data-in-transit encryption strategies that span from physical data center servers to cloud-native storage.
• Develop and secure the "Identity Fabric" linking 600k+ employees and millions of commercial customers. Collaborate with Fraud teams to integrate signals from SIEM and Databricks to detect and block malicious account activity.
• Build and manage secure connectivity (Transit Gateways, Service Mesh) between on-premises hypervisors and multi-cloud environments, ensuring consistent policy enforcement.
• Partner with the SOC to develop high-fidelity detection logic. Build SOAR playbooks that automate the isolation of compromised cloud workloads or on-premises VMs.
• Support ongoing "Purple Team" exercises and control testing to validate that security tools (EDR, WAF, DLP) are performing as intended across all tenants.
• Establish security guardrails for the enterprise's internal and customer-facing AI models. This includes protecting Databricks training pipelines from data poisoning and implementing mitigations for LLM-specific threats like prompt injection and sensitive data leakage.
• Drive the transition from manual "click-to-operate" security to Autonomous Security Operations. This involves building advanced SOAR playbooks that use ML-based triggers to perform auto-remediation across hybrid environments without human intervention.
• Partner with business units to integrate security "invisibly" into their workflows. Use automation to reduce "security friction" in logistics and retail operations, ensuring that compliance checks (like PCI or SOC2) are performed continuously and programmatically.
• Discover and catalog "Shadow AI" usage across the enterprise, ensuring all third-party AI tools meet the enterprise's privacy and security standards.

Benefits

• 401K with company match
• Comprehensive health and wellness packages
• Internal mobility team dedicated to helping you own your career
• Professional growth opportunities including paid education and certifications
• Cutting-edge technology you can learn from
• Rest and recharge with paid vacation and holidays
• Variety of medical plan options, some with Health Savings Accounts
• Dental plan options
• Vision plan
• Ability to contribute both pre and post-tax dollars up to the IRS annual limits and receive a company match
• Full flex work weeks where possible
• Variety of paid time off plans, including vacation, sick and personal time, holidays, paid parental, military, bereavement and jury duty leave
• 15 days of paid leave per calendar year to be used for vacations, personal business, and illness
• 10 paid holidays per year
• Paid leave and paid holidays are prorated based on the employee’s date of hire.
• Total of up to 160 hours of paid leave in a rolling 12 month period for eligible employees.
• Short and long-term disability benefits
• Life, accidental death and dismemberment, personal accident, critical illness and business travel and accident insurance are provided or available.