Key skills
AWSAzureCloudFirewallsGoogle Cloud PlatformKubernetesPythonTerraformPowerShellGCPGoogle CloudEKSAKSCloudFormationCI/CDCommunicationRemote WorkNetwork SecurityCloud SecurityWAF
About this role
Role Overview
- Design, build, and maintain secure cloud foundations across Azure, AWS and GCP (with deep expertise in at least one).
- Own and evolve Cloud Security Posture Management (CSPM) capabilities, including policies, guardrails, and automated remediation.
- Engineer and maintain cloud network security controls, including network segmentation and isolation, cloud-native firewalls and security groups, Application Gateway / WAF configurations, and secure ingress and egress patterns.
- Define and enforce security best practices for Kubernetes environments (AKS/EKS), including RBAC, network policies, workload isolation, and cluster hardening.
- Partner with engineering teams to perform security architecture reviews and provide guidance for new services, platforms, and major changes, helping engineering teams design secure solutions that meet security best practices and compliance requirements.
- Engineer and maintain identity and access security controls for cloud and production environments, including least privilege, workload identity, service principals, and conditional access.
- Contribute to FedRAMP and regulated environment readiness, including control implementation, evidence automation, and cross-team coordination.
- Build and operate secure cloud automation using Infrastructure as Code (Terraform, Bicep), CI/CD integrations, and policy-as-code.
- Apply a security lens to FinOps, defining guardrails that balance cost optimization with security and compliance.
- Develop tooling, automation, and self-service workflows that reduce manual effort and improve consistency across security programs.
- Act as a senior technical partner to engineering, IT, and compliance teams, contributing to long-term cloud security strategy and standards.
- Mentor junior engineers and contribute to raising the overall security maturity of the organization.
Requirements
- 6+ years of experience in cloud security, security engineering, or cloud platform engineering roles.
- Strong hands-on experience securing cloud-native environments (Azure preferred).
- Hands-on experience securing Kubernetes environments (AKS/EKS) is a strong plus.
- Proven experience with cloud network security, including firewalls, WAFs, network segmentation, and secure connectivity patterns.
- Strong understanding of cloud security architecture, including shared responsibility models, secure service design, and defense-in-depth.
- Experience with preventative security controls, including CSPM, policy enforcement, and secure cloud baselines.
- Solid experience with identity and access management in cloud environments (RBAC, workload identity, service principals).
- Experience contributing to or supporting compliance programs such as FedRAMP, SOC 2, ISO 27001, or NIST frameworks.
- Strong Infrastructure-as-Code skills (Terraform, Bicep, CloudFormation).
- Ability to script or automate using Python, PowerShell, or similar languages.
- Familiarity with CI/CD pipelines and DevSecOps practices.
- Ability to operate independently, own complex problem spaces, and deliver practical, scalable solutions.
- Strong communication skills and comfort providing architecture-level guidance to engineering teams.
Tech Stack
- AWS
- Azure
- Cloud
- Firewalls
- Google Cloud Platform
- Kubernetes
- Python
- Terraform
Benefits
- Health insurance
- 401(k) matching
- Flexible work hours
- Paid time off
- Professional development opportunities
- Remote work options