# Security Engineer, Cloud Infrastructure
**Company:** [Mercor](https://hotfix.jobs/companies/mercor)
**Location:** San Francisco, CA; New York, NY
**Salary:** $130K-$500K
**Experience:** 5+ years
**Skills:** AWS, Kubernetes, Terraform, Wiz, CSPM, IAM, SCPs, VPC, Security Groups, Snowflake, Falco
**Posted:** 2026-04-15
> Designs and implements cloud security architectures including multi-account AWS isolation, Kubernetes hardening, and CSPM with Wiz for enterprise tenant separation. Requires 5+ years in cloud/infrastructure security, IaC expertise, and production experience.
## Job Description
## What You'll Build
- Multi-account AWS tenant isolation architecture - dedicated accounts, SCPs, network boundaries, and data segregation for enterprise clients
- Cloud security posture management using Wiz CSPM - continuous monitoring, misconfiguration detection, and automated remediation
- Kubernetes security hardening - pod security standards, network policies, secrets management, and runtime protection
- Infrastructure-as-code security guardrails - Terraform/CloudFormation policies that prevent insecure deployments before they reach production
- IAM architecture and least-privilege access controls across AWS, Snowflake, and internal services
- Incident response infrastructure - logging pipelines, forensic readiness, and blast radius containment

## What We're Looking For
- Deep AWS security expertise - you've architected multi-account strategies, written SCPs, and hardened production environments
- Experience with Kubernetes security in production - not just tutorials, you've secured real clusters running real workloads
- Strong infrastructure-as-code skills - Terraform, CloudFormation, or Pulumi - you think in code, not console clicks
- Experience with CSPM/CNAPP platforms (Wiz, Prisma Cloud, or similar) - deploying, tuning, and driving remediation
- Understanding of network security at the cloud level - VPCs, security groups, transit gateways, PrivateLink
- You've designed tenant isolation for multi-tenant SaaS - data segregation, compute isolation, network boundaries
- **5+ years** of professional experience in cloud security, infrastructure security, or platform/SRE engineering with a strong security focus

**Bonus Points**
- Experience with Snowflake security - schema-level isolation, access controls, data sharing governance
- Familiarity with container runtime security (Falco, SentinelOne Cloud Workload Protection, or similar)
- Offensive cloud security skills - you've exploited misconfigurations and understand the attacker's perspective
- Experience building compliance-ready infrastructure (SOC 2, ISO 27001, FedRAMP)
- You've handled cloud security incidents - forensics, containment, and root cause analysis in AWS
- Contributions to open source infrastructure security tools

**Apply:** https://hotfix.jobs/jobs/security-engineer-cloud-infrastructure-at-mercor-b0117560-de94-4dc1-ba75-291e6344ef60