Cloud Security Engineer
Cloud Security Engineer leads secure cloud configurations in AWS (primary), Azure, and GCP, owning governance, IAM, vulnerability management, and secure-by-default patterns for engineering teams. Requires 5+ years experience with deep AWS security expertise and Terraform proficiency.
Responsibilities
Cloud Governance & Guardrails
- Lead deployment and optimization of AWS Control Tower, Security Hub, and AWS WAF for secure multi-account strategy.
Cloud Security Platform Ownership
- Own security outcomes across AWS (primary), Azure (secondary), and limited GCP, including landing zone standards, guardrails-as-code, detection, and remediation automation.
Secure-by-Default Engineering
- Design reusable secure cloud patterns, hardened Terraform modules, reference architectures, and baseline configurations.
Container Security
- Secure EKS and ECS environments with runtime protection, image scanning, and least-privilege orchestration.
Security Assessment & Roadmap
- Perform baseline assessments, identify gaps, and provide prioritized recommendations.
Identity & Access Management
- Design and enforce least-privilege IAM across AWS accounts and workloads.
Operational Excellence
- Develop secure configuration standards, documentation, and procedures.
Detection & Telemetry Ownership
- Ensure complete, centralized security telemetry (CloudTrail, GuardDuty, VPC Flow logs).
Cloud Security & Compliance Alignment
- Align configurations with ISO 27001, SOC 2; automate evidence collection.
Third-Party Integration
- Manage secure access for security vendor tools.
Incident Response
- Participate in on-call rotation; serve as SME for cloud security incidents.
Vulnerability & Exposure Management
- Build cloud vulnerability program with SLAs, scanning, and patch workflows (AWS Inspector, ECR).
Cloud Security Tooling Ownership
- Onboard and tune CSPM and MDR integrations.
Secrets, Keys, and Credential Hygiene
- Implement secure secrets management (Secrets Manager, Parameter Store, Vault), KMS strategy.
CI/CD and Supply Chain Security
- Secure software delivery pipeline with policy-as-code, artifact integrity.
Cloud Incident Readiness & Exercises
- Build playbooks and run tabletop exercises.
Multi-Cloud & Hybrid Baselines
- Establish security baselines for Azure, GCP, hybrid connectivity.
Security Metrics & Continuous Improvement
- Define and report key metrics.
Leadership and Execution
- Mentor engineers and provide enablement.
Requirements
- 5–8+ years in Information Security, 3+ years AWS Cloud Security.
- Deep AWS experience: IAM, VPC, S3, KMS, GuardDuty, Inspector, Config.
- Strong Terraform for IaC.
- Experience securing EKS/ECS.
- Basic Azure security knowledge.
- Consultative mindset, collaborative, automation-focused.
- Bachelor’s degree in CS, InfoSec, or equivalent.
- Desirable: AWS Certified Security – Specialty, Azure security certs.
Sr. Security Engineer, Incident Response
Technical lead for incident response across multi-cloud infrastructure. Owns triage, containment, automation, and detection tuning using CrowdStrike, Tines, and Cyberhaven DLP. Requires 5+ years in IR/SOC roles.
Sr. Security Engineer, Incident Response
Technical lead for incident response across multi-cloud environments. Owns triage, containment, automation, and detection tuning using CrowdStrike, Tines, and Cyberhaven DLP. Requires 5+ years in IR/SOC roles.
Director, Product Security Engineering
Lead product security initiatives by embedding security into the SDLC, performing threat modeling, building security tooling, and mentoring teams. Requires 8-10+ years of product security experience and deep expertise in cloud, application, and mobile security.