Skip to content
Mercor

Security Engineer, Cloud Infrastructure

Designs and implements cloud security architectures including multi-account AWS isolation, Kubernetes hardening, and CSPM with Wiz for enterprise tenant separation. Requires 5+ years in cloud/infrastructure security, IaC expertise, and production experience.

130k – 500kSan Francisco, CANew York, NYSecurity EngineeringHybrid5+ YOE
Apply

About the role

What You'll Build

  • Multi-account AWS tenant isolation architecture - dedicated accounts, SCPs, network boundaries, and data segregation for enterprise clients
  • Cloud security posture management using Wiz CSPM - continuous monitoring, misconfiguration detection, and automated remediation
  • Kubernetes security hardening - pod security standards, network policies, secrets management, and runtime protection
  • Infrastructure-as-code security guardrails - Terraform/CloudFormation policies that prevent insecure deployments before they reach production
  • IAM architecture and least-privilege access controls across AWS, Snowflake, and internal services
  • Incident response infrastructure - logging pipelines, forensic readiness, and blast radius containment

What We're Looking For

  • Deep AWS security expertise - you've architected multi-account strategies, written SCPs, and hardened production environments
  • Experience with Kubernetes security in production - not just tutorials, you've secured real clusters running real workloads
  • Strong infrastructure-as-code skills - Terraform, CloudFormation, or Pulumi - you think in code, not console clicks
  • Experience with CSPM/CNAPP platforms (Wiz, Prisma Cloud, or similar) - deploying, tuning, and driving remediation
  • Understanding of network security at the cloud level - VPCs, security groups, transit gateways, PrivateLink
  • You've designed tenant isolation for multi-tenant SaaS - data segregation, compute isolation, network boundaries
  • 5+ years of professional experience in cloud security, infrastructure security, or platform/SRE engineering with a strong security focus

Bonus Points

  • Experience with Snowflake security - schema-level isolation, access controls, data sharing governance
  • Familiarity with container runtime security (Falco, SentinelOne Cloud Workload Protection, or similar)
  • Offensive cloud security skills - you've exploited misconfigurations and understand the attacker's perspective
  • Experience building compliance-ready infrastructure (SOC 2, ISO 27001, FedRAMP)
  • You've handled cloud security incidents - forensics, containment, and root cause analysis in AWS
  • Contributions to open source infrastructure security tools

Skills

AWSKubernetesTerraformWizCspmIAMScpsVpcSecurity GroupsSnowflakeFalco

Similar roles

Security Engineering jobs
Mercor

Security Engineer, Application Security

Owns application security by embedding review workflows in SDLC, building SAST/DAST pipelines in CI/CD, managing vulnerability remediation, and operating bug bounty programs. Requires 5+ years experience finding/fixing vulnerabilities, strong skills in Python/TypeScript/Go, and SAST/DAST tooling.

130k – 500kSan Francisco, CA +1Security EngineeringOn-site5+ YOEGoSnyk
Socket

Threat Analyst

Analyzes software supply chain threats using AI scanners, conducts malware analysis and threat hunting, builds automation tools, and integrates research into products to protect open source ecosystems. Requires 3+ years in security operations and master's degree.

126k – 170kUnited StatesSecurity EngineeringRemote3+ YOELLMsGitHub
Upstart

Infrastructure Security Engineer

Designs and implements security controls for cloud infrastructure, Kubernetes, and deployment systems. Partners with engineering teams to review architectures, automate preventative measures, and remediate vulnerabilities. Requires 3+ years experience, Bachelor's degree, and proficiency in AWS, IaC tools, and programming.

134k – 186kUnited StatesSecurity EngineeringRemote3+ YOEGoAWS
Applied Intuition

Product Security Engineer

Embeds security into product design and development lifecycle by analyzing architectures, conducting threat modeling and assessments, maturing vulnerability management, and guiding developers on secure practices. Requires 5+ years in product/application security with expertise in cloud, containers, and automation tools.

125k – 160kSunnyvale, CASecurity EngineeringOn-site5+ YOEAWSGCP
Applied Intuition

Cloud Security Engineer

Secures multi-cloud infrastructure (AWS, Azure, GCP, OCI) with emphasis on Kubernetes hardening, IAM enforcement, CSPM using Wiz, and IaC security. Requires 5+ years experience, deep AWS and Kubernetes security expertise.

125k – 160kSunnyvale, CASecurity EngineeringOn-site5+ YOEAWSWiz