Skip to content
WorkWaveWorkWaveUnited States

Cloud Security Engineer

Cloud Security Engineer leads secure cloud configurations in AWS (primary), Azure, and GCP, owning governance, IAM, vulnerability management, and secure-by-default patterns for engineering teams. Requires 5+ years experience with deep AWS security expertise and Terraform proficiency.

120k – 145k/yr
Remote5+ YOESecurity Engineering

About the role

Responsibilities

Cloud Governance & Guardrails

  • Lead deployment and optimization of AWS Control Tower, Security Hub, and AWS WAF for secure multi-account strategy.

Cloud Security Platform Ownership

  • Own security outcomes across AWS (primary), Azure (secondary), and limited GCP, including landing zone standards, guardrails-as-code, detection, and remediation automation.

Secure-by-Default Engineering

  • Design reusable secure cloud patterns, hardened Terraform modules, reference architectures, and baseline configurations.

Container Security

  • Secure EKS and ECS environments with runtime protection, image scanning, and least-privilege orchestration.

Security Assessment & Roadmap

  • Perform baseline assessments, identify gaps, and provide prioritized recommendations.

Identity & Access Management

  • Design and enforce least-privilege IAM across AWS accounts and workloads.

Operational Excellence

  • Develop secure configuration standards, documentation, and procedures.

Detection & Telemetry Ownership

  • Ensure complete, centralized security telemetry (CloudTrail, GuardDuty, VPC Flow logs).

Cloud Security & Compliance Alignment

  • Align configurations with ISO 27001, SOC 2; automate evidence collection.

Third-Party Integration

  • Manage secure access for security vendor tools.

Incident Response

  • Participate in on-call rotation; serve as SME for cloud security incidents.

Vulnerability & Exposure Management

  • Build cloud vulnerability program with SLAs, scanning, and patch workflows (AWS Inspector, ECR).

Cloud Security Tooling Ownership

  • Onboard and tune CSPM and MDR integrations.

Secrets, Keys, and Credential Hygiene

  • Implement secure secrets management (Secrets Manager, Parameter Store, Vault), KMS strategy.

CI/CD and Supply Chain Security

  • Secure software delivery pipeline with policy-as-code, artifact integrity.

Cloud Incident Readiness & Exercises

  • Build playbooks and run tabletop exercises.

Multi-Cloud & Hybrid Baselines

  • Establish security baselines for Azure, GCP, hybrid connectivity.

Security Metrics & Continuous Improvement

  • Define and report key metrics.

Leadership and Execution

  • Mentor engineers and provide enablement.

Requirements

  • 5–8+ years in Information Security, 3+ years AWS Cloud Security.
  • Deep AWS experience: IAM, VPC, S3, KMS, GuardDuty, Inspector, Config.
  • Strong Terraform for IaC.
  • Experience securing EKS/ECS.
  • Basic Azure security knowledge.
  • Consultative mindset, collaborative, automation-focused.
  • Bachelor’s degree in CS, InfoSec, or equivalent.
  • Desirable: AWS Certified Security – Specialty, Azure security certs.

Skills

AWSTerraformIAMGuarddutyAws InspectorEKSECSAzureKubernetesCloudtrailSecurity HubAws WafSecrets ManagerKmsCspm
Mintlify

Security & Compliance Operations Manager

MintlifySan Francisco, CA

Own and run Mintlify's end-to-end security and compliance programs (SOC 2, ISO 27001/42001, GDPR, Microsoft SSPA) as the first dedicated GRC Program Manager. Administer Drata, manage audits/vendors/evidence, handle customer-facing compliance, and coordinate with engineering.

120k – 180k/yr
On-site3+ YOESecurity Engineering
Northwood Space

Product Security Manager

Northwood SpaceLos Angeles, CA

Own the full product security lifecycle for space communications systems, from threat modeling and secure architecture to penetration testing, vulnerability management, cryptography, and compliance with FedRAMP, CMMC, and NIST standards. Requires 5+ years of product/application security leadership, deep expertise in SAST/DAST, secrets management, CI/CD hardening, and applied cryptography; TS/SCI clearance eligibility required.

120k – 190k/yr
On-site5+ YOESecurity Engineering
Resend

Security Engineer, Platform

ResendUnited States

As a Security Engineer, Platform, you will be responsible for building and improving the security foundations of Resend’s platform, including API keys, service permissions, and secrets management. You will also help design secure defaults for new services and improve detection and response for suspicious access.

120k – 140k/yr
Remote5+ YOESecurity Engineering
Writer

Security engineer, application security

WriterNew York, NY +1

Builds security into AI platform through threat modeling, SAST/DAST in CI/CD, code reviews, and secure architecture design. Requires 4+ years app sec experience, programming in Python/Java/Go/JS, and DevSecOps tools expertise.

119k – 210k/yr
Hybrid4+ YOESecurity Engineering
Applied Intuition

System Safety Engineer, Autonomy Trucking

Applied IntuitionSunnyvale, CA

Defines and manages safety architecture, requirements, and analysis (FMEA, FTA, STPA) for L4 autonomous trucking software/hardware. Requires 3+ years system safety experience, automotive standards expertise (ISO 26262), and engineering background in ADAS/autonomy.

118k – 250k/yr
On-site3+ YOESecurity Engineering