Cloud Security Engineer

Cloud Security Engineer

Job Description

We are seeking a proactive, hands-on Cloud Security Engineer to serve as the primary security partner for our Engineering and DevOps teams. In this role, you will be the "North Star" for secure cloud configuration, moving beyond simple alert triaging to building sustainable security foundations. You will bridge the gap between high-level security architecture and daily engineering execution, ensuring our AWS and Azure environments are resilient, compliant, and automated.

Responsibilities

• Cloud Governance & Guardrails: Lead the deployment and optimization of AWS Control Tower, Security Hub, and AWS WAF to establish a secure multi-account strategy.
• Cloud Security Platform Ownership: Own cloud security outcomes across AWS (primary), Azure (secondary), and limited GCP, including secure landing zone standards, guardrails-as-code, detection coverage, and remediation automation.
• Secure-by-Default Engineering: Design and implement reusable, secure-by-default cloud patterns that allow engineering teams to deploy safely without constant security intervention. Establish hardened Terraform modules, reference architectures, and baseline configurations so the secure path becomes the easiest path for teams building in AWS.
• Container Security: Collaborate with the AppSec Architect to secure EKS and ECS environments, focusing on runtime protection, image scanning, and least-privilege orchestration.
• Security Assessment & Roadmap: Perform a comprehensive baseline assessment of the current cloud environment to identify gaps and provide actionable, prioritized recommendations.
• Identity & Access Management: Lead design and enforcement of least-privilege IAM architecture across AWS accounts and workloads.
• Operational Excellence: Develop and maintain secure configuration standards, documentation, and operational procedures that enable engineering teams to consistently deploy and operate cloud services securely.
• Detection & Telemetry Ownership: Partner with security operations to ensure security telemetry from AWS environments is complete, centralized, and actionable (CloudTrail, GuardDuty, VPC Flow logs, etc.)
• Cloud Security & Compliance Alignment: Ensure cloud configurations and controls align with internal security standards and external compliance requirements (ISO 27001, SOC 2, etc.). Partner with Security and GRC teams to implement audit-ready controls, automate evidence collection where possible, and maintain clear documentation of cloud security control coverage.