Senior Cloud Security Engineer
We are seeking a Senior Cloud Security Engineer to own and mature our cloud security posture across AWS and Azure environments. This role is a blend of hands-on technical implementation and strategic governance, with primary responsibility for establishing and maintaining security framework compliance and driving IAM maturity across our cloud platforms and supporting tooling.
As a senior individual contributor, you will be the subject matter expert for cloud security controls, identity and access management strategy, and compliance automation. You will work closely with Cloud Engineering and Information Security teams to embed security into infrastructure and deployment pipelines while ensuring our security practices scale with the business.
Key responsibilities include:
Security Framework Compliance & Cloud Security Controls
• Own the end-to-end implementation, monitoring, and remediation of security framework benchmarks (including CIS) across AWS and Azure environments.
• Conduct regular assessments against security framework controls, identify gaps, and drive remediation plans.
• Develop and maintain security baselines, hardening guides, and configuration standards for cloud resources.
• Translate security framework requirements into actionable Terraform modules and Infrastructure-as-Code guardrails.
Vulnerability & Risk Remediation
• Lead vulnerability identification, assessment, and remediation efforts across cloud infrastructure and workloads.
• Develop and maintain risk scoring methodologies to prioritize remediation based on business impact and threat severity.
• Coordinate with engineering and operations teams to track remediation progress and ensure timely resolution of identified vulnerabilities.
IAM Strategy & Access Management
• Assess the current state of IAM across AWS, Azure, and integrated tooling (CI/CD platforms, SaaS applications, identity providers).
• Develop and execute a comprehensive IAM maturity roadmap covering least-privilege enforcement, role-based access, service account governance, and access reviews.
• Design and implement centralized identity federation, SSO, and conditional access policies across cloud and hybrid environments.
• Define and enforce privilege escalation controls, break-glass procedures, and just-in-time access patterns.
Security Engineering & Automation
• Write Python and PowerShell scripts to automate security assessments, remediation workflows, and compliance reporting.
• Build and maintain Terraform modules that enforce security controls as code, integrated into CI/CD pipelines.
• Partner with Cloud Operations and DevOps to embed security checks into deployment and change management workflows.
Governance & Cross-Functional Leadership
• Serve as the security subject matter expert for cloud architecture reviews and change advisory processes.
• Provide guidance and mentorship to Cloud Operations and Engineering teams on security best practices.
• Lead incident response activities related to cloud security events and contribute to post-incident reviews.
• 8+ years of experience in cloud security, infrastructure security, or security engineering roles.
• Deep hands-on experience with both AWS and Azure security services, architecture, and best practices.
• Demonstrated experience implementing and managing security frameworks (e.g., CIS, NIST, SOC 2) at scale in cloud environments.
• Strong background in IAM design and implementation, including federation (SAML, OIDC), RBAC, ABAC, and privileged access management.
• Proficiency in Python and PowerShell for security automation and scripting.
• Hands-on experience with Terraform for infrastructure-as-code, including writing custom modules and policies.
• Experience with compliance automation and cloud security posture management (CSPM) tools.
• Strong understanding of networking, encryption, secrets management, and cloud-native security controls.
• Excellent written and verbal communication skills, with the ability to present security strategies to both technical and executive audiences.
• +90% Englishwritten and oral (at least B2 level) with excellent communication skills
