Staff Cloud Security Specialist

About The Position

Requirements

• 3+ years of hands-on experience securing workloads in public cloud environments (Google Cloud Platform (GCP), AWS, or Azure).
• Solid understanding of core cloud security concepts: IAM, networking, segmentation, logging/monitoring, encryption, key management, secrets management, and workload security.
• Experience using infrastructure-as-code and automation tools (e.g., Terraform, CloudFormation, Bicep) and supporting CI/CD pipelines.
• Familiarity with container and/or Kubernetes security fundamentals.
• Experience participating in threat modeling or security design reviews.
• Strong written and verbal communication skills; able to document designs and explain security requirements to engineering teams.
• Bachelor’s degree in Computer Science, Engineering, or a related field (or equivalent practical experience).

Nice To Haves

• Multi-cloud experience preferred.
• Exposure to PCI DSS, HIPAA/HITECH, or HITRUST control implementation in cloud environments.
• Experience with CSPM tools, cloud-native security services, or SIEM integrations.
• Familiarity with application security and DevSecOps tooling (SAST/DAST/SCA, secrets scanning).
• Knowledge of modern cloud patterns such as zero trust, API security, or event-driven architectures.
• Relevant certifications (one or more): CCSP, GCP Professional Cloud Security Engineer, AWS/Azure security specialty, or equivalent.

Responsibilities

• Contribute to and maintain cloud security reference architectures, standards, and implementation patterns for IaaS, PaaS, containers/Kubernetes, and serverless workloads.
• Partner with engineering and platform teams to apply approved security patterns in new and existing cloud workloads.
• Help implement and operate secure cloud landing zone controls including account/project structures, network segmentation, IAM boundaries, logging, and policy guardrails.
• Support infrastructure-as-code and policy-as-code implementations aligned with defined standards.
• Implement least-privilege IAM for workforce and workload identities.
• Support MFA, conditional access, secrets management, and privileged access patterns designed by senior architects.
• Apply encryption, key management, tokenization, and data handling standards for sensitive data including payment and healthcare data.
• Assist with data classification, retention, and secure deletion controls in cloud platforms.
• Participate in threat modeling and security design reviews for cloud services and applications.
• Help integrate DevSecOps and SDLC security controls into CI/CD pipelines using established tooling and patterns.
• Ensure required cloud audit logs, telemetry, and security signals are enabled and flowing to centralized monitoring.
• Partner with Security Operations to improve visibility, detection coverage, and incident readiness in cloud environments.
• Help define and maintain cloud hardening baselines, container/image standards, and configuration compliance controls.
• Work with engineering teams to remediate recurring or systemic cloud security findings.
• Support reviews of cloud-connected vendors and SaaS integrations against established security requirements.
• Assist in defining and validating compensating controls and monitoring expectations.
• Partner with GRC and audit teams to map technical cloud controls to compliance frameworks.
• Support evidence collection, control validation, and remediation activities during audits and assessments.
• Conduct Security Reviews: Work with project teams to evaluate the security of new, cloud-based initiatives, project, and products for customer facing and internal use applications.
• Design cloud security controls aligned to PCI DSS, HIPAA/HITECH, HITRUST CSF, SOC 2, SOX ITGC, and internal security standards.
• Support continuous compliance efforts such as automated configuration checks, continuous monitoring, and repeatable evidence generation.
• Participate in risk assessments, exception handling, and corrective action plans for cloud security gaps.
• Contribute to customer assurance activities by providing clear technical explanations and diagrams with guidance from senior architects.

Benefits

• Competitive total rewards (base salary + bonus, if applicable)
• Customizable benefits package (3 medical plans with Health Saving Account company match)
• Generous paid time off for non-exempt team members, starting with 3 weeks + 13 paid holidays, including 2 personal floating holidays.
• Flexible time off for exempt team members + 13 paid holidays
• Paid parental leave (including maternity + paternity leave)
• Education assistance opportunities and free LinkedIn Learning access
• Free mental health and family planning programs, including adoption assistance and fertility support
• 401(K) program with company match
• Pet insurance
• Employee resource groups