We’re looking for a hands-on Cloud Security Engineer who loves building, automating, and scaling security in modern cloud environments. In this role, you’ll help design secure-by-default cloud foundations across AWS and Azure, create paved-road patterns that engineering teams actually want to use, and codify guardrails so secure deployment becomes the default—not a bottleneck.
Success in this role means earning trust through automation. You’ll ensure every workload is observable, compliant, and resilient—without slowing innovation.
Responsibilities:
Architect & Automate Secure Cloud Foundations
- Design and maintain secure landing zones and paved-road templates across AWS and Azure (IAM, networking, encryption, logging, monitoring, backups, and key management).
- Build and maintain Infrastructure-as-Code (Terraform, ARM/Bicep, CloudFormation) with embedded security controls.
- Enforce guardrails via CI/CD policy gates and policy-as-code (OPA, Conftest, Terraform Sentinel).
- Implement and manage CSPM/CWPP tooling (e.g., Wiz, Prisma Cloud, Defender for Cloud) to detect misconfigurations and drift.
Secure Identity, Access & Network Boundaries
- Engineer least-privilege IAM and federated access across AWS IAM, Azure AD, and hybrid environments.
- Design zero-trust and private connectivity architectures (Private Link, VPC Peering, Transit Gateways, Azure Virtual WAN).
- Integrate secrets and key management (AWS KMS, Azure Key Vault) into developer workflows and pipelines.
- Establish scalable patterns for cross-account access, conditional access, and machine identities.
Defend, Detect & Respond
- Build and tune cloud-native detections using GuardDuty, Security Hub, Defender, Sentinel, and CloudTrail.
- Develop detection-as-code pipelines for alerts, thresholds, and response actions.
- Partner with SOC and IR teams to improve telemetry, context, and cloud-specific runbooks.
- Implement data protection controls for object and block storage.
Enablement, Governance & Risk
- Translate cloud security risks into clear, actionable engineering guidance.
- Act as a trusted advisor in architecture and design reviews.
- Drive continuous compliance (NIST 800-53, CIS, ISO 27001, SOC 2) through automation and evidence collection.
- Publish dashboards and metrics for security coverage and control health.
- Own triage and prioritization of cloud misconfiguration and vulnerability findings.
Qualifications:
- 5+ years of hands-on Cloud Security Engineering experience across AWS and Azure.
- Strong experience with Infrastructure as Code (Terraform, Bicep, or CloudFormation).
- Deep knowledge of IAM, cloud networking, and encryption/key management.
- Experience with cloud-native security tools (Security Hub, GuardDuty, Defender, Sentinel) and CSPM platforms (Wiz, Prisma Cloud, Orca).
- Proven ability to embed security controls into CI/CD pipelines (GitHub Actions, Azure DevOps, Jenkins, GitLab, or Harness).
- Scripting experience (Python, PowerShell, or Bash).
- Practical experience with container (EKS/AKS), serverless, and m