Senior Engineer – Cloud Security

About The Position

Requirements

• 5–8+ years of experience in cloud infrastructure or DevOps engineering, with a strong focus on AWS (EC2, RDS, ElastiCache, IAM, CloudFormation/Terraform, VPC, KMS, etc.).
• Proven experience implementing cloud security best practices—including network hardening, encryption, key management, and vulnerability remediation.
• Deep familiarity with security frameworks (e.g., NIST 800-53, FedRAMP, SOC 2, ISO 27001, CIS Benchmarks).
• Experience responding to customer security assessments and due diligence questionnaires.
• Hands-on experience with monitoring and observability tools (CloudWatch, Datadog, Prometheus, etc.) and SIEM/SOC integrations.
• Strong understanding of PostgreSQL security and database hardening in a cloud environment.
• Solid scripting or automation skills (Python, Bash, or similar) for infrastructure security automation.
• Excellent written and verbal communication skills — especially in explaining security controls to non-technical stakeholders and customers.
• A mindset that balances security, performance, and scalability.
• A passion for solving complex problems at the intersection of infrastructure and security.
• Strong cross-functional collaboration skills with compliance, legal, product, and customer teams.
• The ability to translate technical controls into clear business value and compliance evidence.
• Initiative and ownership to identify vulnerabilities and drive mitigation end-to-end.

Nice To Haves

• Experience participating in or preparing for FedRAMP, SOC 2, ISO 27001, or similar compliance audits.
• Background in threat detection, incident response, or forensics in cloud environments.
• Familiarity with container security (EKS, ECS, or Kubernetes security hardening).
• Security certifications such as AWS Certified Security – Specialty, CISSP, or CCSP.
• Prior experience in a SaaS company or highly regulated industry (government, healthcare, finance).

Responsibilities

• Lead cloud security initiatives across AWS infrastructure, ensuring alignment with best practices, company policies, and NIST 800-53 requirements.
• Design and implement secure infrastructure patterns, including network segmentation, encryption, IAM policies, and secrets management.
• Collaborate with engineering, product, and compliance teams to build security into every layer of our SaaS platform lifecycle.
• Own the cloud security roadmap, driving projects to improve observability, vulnerability management, and overall risk reduction.
• Prepare and guide the company through NIST 800-53 readiness, including documentation, evidence gathering, and control implementation.
• Respond to customer security questionnaires and audits, providing detailed, accurate, and timely responses that represent the company’s security posture.
• Develop and maintain security automation and monitoring systems, leveraging tools such as AWS Config, GuardDuty, Security Hub, or third-party solutions (e.g., Wiz, Prisma Cloud, Datadog Security).
• Establish and enforce least-privilege IAM policies and conduct regular access reviews.
• Improve system observability and reliability through enhanced logging, metrics, and alerting for security and infrastructure health.
• Partner with engineering teams to perform secure code reviews, threat modeling, and security design reviews for new features.
• Assist with incident response, root cause analysis, and post-incident reviews to strengthen system resilience.
• Mentor peers and promote a culture of security-first engineering across the organization.

Benefits

• First Due offers a comprehensive compensation and benefits package for eligible employees, including competitive pay, medical, dental, and vision coverage, FSA/HSA, 401(k), flexible PTO, a fully remote workplace, a technology stipend, opportunities for advancement, and other benefits and perks that sets our team apart.