Staff Cloud Security Engineer

Peloton, New York, NY
$231,624 - $266,367 (Hybrid)

About The Position

Peloton Interactive, Inc. seeks a Staff Cloud Security Engineer in New York City, NY. This role involves driving organization-wide cloud security strategy by partnering with product and platform engineering teams to deliver mission-critical initiatives protecting end-user data. The engineer will serve as the primary escalation point for complex cloud security risks, architectural decisions, and high-risk findings, ensuring timely and effective remediation. Responsibilities include architecting, implementing, and enforcing cloud security controls across the full SDLC, defining and evolving standards, reference architectures, and guardrails covering identity and access management, network segmentation, encryption, logging, and secrets management. The role also entails leading secure cloud migration and modernization efforts, operationalizing multi-cloud hardening in AWS (Security Reference Architecture, GuardDuty, AWS Organizations, KMS CMK lifecycle) and GCP (Workload Identity Federation, VPC Service Controls), and ensuring the security posture of Kubernetes/EKS clusters through Pod Security Standards, fine-grained RBAC with OIDC short-lived tokens, default-deny Network Policies, and Service Mesh enforcement (Istio). Additionally, the engineer will implement real-time runtime defense using eBPF-based monitoring of syscalls, processes, and network connections at the kernel level. The position requires driving continuous monitoring, threat detection, incident response, and forensic investigations. The Staff Cloud Security Engineer will also serve as a technical mentor and thought leader, influencing the long-term cloud security roadmap while balancing security, reliability, developer experience, and operational scalability. Part-time telecommuting is an option, with a hybrid work arrangement from the Peloton office in New York, NY.

Requirements

  • Master’s degree (or its foreign degree equivalent) in Computer Science, Electronics Engineering, or a related quantitative discipline, and six (6) years of experience in the job offered or related field OR Bachelor’s degree (or its foreign degree equivalent) in Computer Science, Electronics Engineering, or a related quantitative discipline, and eight (8) years of progressively responsible experience in the job offered or related field.
  • CI/CD: Jenkins (6 years), TeamCity (6 years), GitHub (6 years), Argo CD (2 years) and Spinnaker (6 years)
  • Containers: Kubernetes (6 years), Docker (6 years), EKS (6 years), and AKS (6 years)
  • IaC: Terraform (6 years), CloudFormation (6 years), Chef (6 years), and Ansible (6 years)
  • AWS/Security: EC2 (6 years), S3 (6 years), Lambda (6 years), VPC (6 years), IAM (3 years)
  • Vulnerability management (6 years)
  • Programming languages: Python (6 years), Shell (6 years), PHP (6 years), PowerShell (6 years), and Ruby (6 years)
  • High Availability: Disaster recovery (1 year), DR Setup (6 years) and High availability (1 year)
  • Any suitable combination of education, training and/or experience is acceptable.

Responsibilities

  • Drive organization-wide cloud security strategy by partnering with product and platform engineering teams to deliver mission-critical initiatives protecting end-user data.
  • Serve as the primary escalation point for complex cloud security risks, architectural decisions, and high-risk findings, ensuring timely and effective remediation.
  • Architect, implement, and enforce cloud security controls across the full SDLC, defining and evolving standards, reference architectures, and guardrails covering identity and access management, network segmentation, encryption, logging, and secrets management.
  • Lead secure cloud migration and modernization efforts.
  • Operationalize multi-cloud hardening in AWS (Security Reference Architecture, GuardDuty, AWS Organizations, KMS CMK lifecycle) and GCP (Workload Identity Federation, VPC Service Controls).
  • Ensure the security posture of Kubernetes/EKS clusters through Pod Security Standards, fine-grained RBAC with OIDC short-lived tokens, default-deny Network Policies, and Service Mesh enforcement (Istio).
  • Implement real-time runtime defense using eBPF-based monitoring of syscalls, processes, and network connections at the kernel level.
  • Drive continuous monitoring, threat detection, incident response, and forensic investigations.
  • Serve as a technical mentor and thought leader, influencing the long-term cloud security roadmap while balancing security, reliability, developer experience, and operational scalability.