Cloud Security Engineer

GENERAL FUNCTION

We are seeking a Cloud Security Engineer with deep expertise in AWS security to join our Information Security team. The ideal candidate will have a strong background in securing cloud environments, designing secure architectures, and implementing security best practices within AWS. This role is responsible for protecting our cloud infrastructure, ensuring compliance, and working closely with DevOps, Engineering, and Security teams to integrate security into cloud operations. The Cloud Security Engineer will be responsible for assessing, developing, and implementing security controls across AWS services, ensuring the security of applications, workloads, and infrastructure deployed in the cloud.

DUTIES/RESPONSIBILITIES

• Design and implement AWS security architectures that align with industry best practices and compliance requirements.
• Assess cloud security risks and enforce security policies across AWS environments.
• Manage and optimize AWS Identity and Access Management (IAM), AWS Organizations, and AWS Control Tower to enforce least privilege access controls.
• Implement and manage AWS security services, including AWS Security Hub, GuardDuty, Macie, Inspector, and WAF.
• Deploy and configure AWS-native encryption solutions, including AWS KMS, CloudHSM, and Secrets Manager for secure key and secret management.
• Integrate and manage AWS logging and monitoring tools, including CloudTrail, CloudWatch, Config, and SIEM integrations for threat detection.
• Ensure network security through secure configurations of AWS VPCs, Security Groups, Network ACLs, AWS Shield, and AWS PrivateLink.
• Work closely with DevOps teams to integrate security controls into CI/CD pipelines using AWS-native and third-party security tools.
• Automate security processes using Terraform, AWS CloudFormation, and Python/Bash scripting to enforce security best practices at scale.
• Implement container and Kubernetes security best practices using AWS EKS, ECS, Fargate, and container scanning solutions.
• Conduct security audits, vulnerability assessments, and penetration testing of cloud infrastructure.
• Ensure compliance with CIS AWS Benchmarks, NIST, ISO 27001, SOC2, PCI-DSS, HIPAA, and other regulatory frameworks.
• Develop and enforce incident response and disaster recovery plans for AWS environments.
• Educate and train internal teams on cloud security best practices and emerging threats.

EDUCATION 

• Bachelor's degree in computer science, cybersecurity, or a related field is preferred
• CISSP certification is a plus

EXPERIENCE

• 10+ years of overall experience, with 4 years of experience in AWS security framework
• Hands-on experience securing AWS environments, including IAM, VPC, EC2, S3, RDS, Lambda, EKS, ECS, Fargate, CloudFront, and Route 53.
• Experience with AWS security services, including AWS Security Hub, GuardDuty, Macie, Inspector, WAF, Shield, CloudTrail, and CloudWatch.
• Strong understanding of network security concepts, including firewalls, VPNs, network segmentation, and DDoS mitigation in AWS.
• Knowledge of encryption, key management, and certificate management using AWS KMS, CloudHSM, and ACM.
• Experience implementing AWS-native security controls and automation using Terraform, CloudFormation, and scripting languages (Python, Bash, or PowerShell).
• Familiarity with container security best practices in AWS environments using EKS, ECS, and container scanning tools.
• Knowledge of Zero Trust security models, identity federation, and role-based access controls (RBAC) in AWS.
• Experience conducting cloud security audits, vulnerability assessments, and penetration testing.
• AWS Security Specialty Certification or other relevant AWS certifications (AWS Solutions Architect, AWS DevOps Engineer).
• Experience with multi-cloud security (Azure, Google Cloud) in addition to AWS.
• Hands-on experience with Infrastructure as Code (IaC) security tools, such as Checkov, tfsec, or Cloud Custodian.
• Experience with serverless security (AWS Lambda security best practices).
• Knowledge of SIEM solutions and security orchestration and automation (SOAR).
• Familiarity with SOC operations, incident response, and forensic analysis in cloud environments.
• Experience with cloud-native WAF solutions (AWS WAF, Cloudflare, Akamai).
• Strong understanding of compliance frameworks such as CIS AWS Benchmarks, NIST, ISO 27001, SOC2, PCI-DSS, and HIPAA.

SKILLS

• Strong problem-solving skills and the ability to work in a fast-paced environment.
• Excellent communication skills, with the ability to work cross-functionally with security, engineering, and DevOps teams.
• Knowledge of AI/ML security risks and governance in AWS.
• Go-Getter Attitude: Proactive and driven to identify and solve security challenges before they become issues.
• Security Champion: Passionate about cloud security and dedicated to spreading security awareness across development and engineering teams.
• Integrity & Ethics: Upholds the highest standards of security and compliance, advocating for security best practices while balancing business needs.
• Strong Communicator: Ability to explain complex security concepts to non-technical stakeholders and influence security decision-making.
• Collaborative Team Player: Works effectively with developers, DevOps, and security teams to integrate security seamlessly into cloud operations.
• Problem Solver: Analyzes security risks and implements effective solutions without slowing down innovation.
• Adaptability & Learning Mindset: Stays up to date with emerging cloud security threats, technologies, and best practices.