# Cloud Security Engineer

**Company:** [Hex](https://hotfix.jobs/companies/hex)
**Location:** Remote
**Role:** Security Engineering
**Salary:** $200k – $265k/yr
**Experience:** 5+ years
**Skills:** AWS, Kubernetes, Terraform, IAM, Guardduty, Security Hub, Cloudtrail, Waf, Wiz, Panther, CI/CD, DevSecOps, RBAC
**Posted:** 2026-04-09

> Cloud Security Engineer secures AWS and Kubernetes infrastructure using Terraform IaC, conducts threat modeling and audits, embeds security in CI/CD pipelines, and ensures compliance with standards like SOC 2 and HIPAA. Requires 5+ years experience with AWS and Kubernetes security expertise.

## Job Description

## Responsibilities
- Design, implement, and manage security solutions and controls for AWS environments and Kubernetes clusters, including appropriate isolation/sandboxing methods for Hex’s RCE-as-a-Service platform.
- Build, deploy, and maintain infrastructure-as-code using **Terraform**, ensuring robust security standards are enforced.
- Conduct security assessments, threat modeling, and audits on AWS cloud infrastructure and Kubernetes deployments.
- Collaborate with development and operations teams to embed security best practices into **CI/CD** pipelines.
- Monitor and respond to cloud security incidents, identifying root causes and recommending remediation actions.
- Provide expertise in compliance requirements related to cloud security (e.g., **SOC 2**, **ISO 27001**, **GDPR**, **HIPAA**, **PCI DSS**).
- Mentor engineers and advocate for cloud security across the organization.

## Requirements
- **5+ years** of experience in cloud security engineering, with extensive expertise in **AWS**.
- Demonstrated proficiency with **Kubernetes** security including cluster hardening, **RBAC**, network policies, and container vulnerability management.
- Expert-level knowledge and hands-on experience with **Terraform**.
- Familiarity with **AWS** security services (e.g., **IAM**, **GuardDuty**, **Security Hub**, **CloudTrail**, **WAF**).
- Familiarity with **CNAPP** solutions such as **Wiz**.
- Familiarity with **SIEM** solutions such as **Panther**.
- Solid understanding of secure software development lifecycle practices, **CI/CD** security, and **DevSecOps** methodologies.

## Nice-to-haves
- Relevant certifications such as **AWS Certified Security – Specialty**, **Certified Kubernetes Security Specialist (CKS)**, and **Terraform Associate** certification.
- Bonus points for security certifications from **SANS** or **OffSec**.

## Similar roles

- [Security Engineer](https://hotfix.jobs/jobs/9731ca0c-3722-4ec9-9644-4515044e6890) - Nooks - San Francisco, CA - $200k – $315k/yr
- [Platform Engineer, Security](https://hotfix.jobs/jobs/8ec09390-4b0b-4859-96b3-efafc456226c) - Decagon - San Francisco, CA - $200k – $330k/yr
- [Security engineer, detection and response (US)](https://hotfix.jobs/jobs/98c71ebc-3ff0-469d-9a49-eb98d9aec3ac) - Writer - San Francisco, CA - $200k – $240k/yr
- [Software Engineer, Trust](https://hotfix.jobs/jobs/c95c63b6-81e4-4554-b381-9d38e3dd4801) - Notion - San Francisco, CA - $200k – $280k/yr
- [Infrastructure Engineer, Security](https://hotfix.jobs/jobs/911010b2-5649-4288-bbd0-0172261e1e28) - Thinking Machines Lab - San Francisco, CA - $200k – $475k/yr

**Apply:** https://hotfix.jobs/jobs/129d5ee2-72a3-40cd-951b-25ddb305f0bf
**Canonical:** https://hotfix.jobs/jobs/129d5ee2-72a3-40cd-951b-25ddb305f0bf