Principal Cloud Security Engineer
New York City, New York, United States of America
Full Time
2 hours ago
$160,000 - $175,000 USD
Visa Sponsor
Key skills
AWSAzureCloudGoogle Cloud PlatformJenkinsLinuxPythonTerraformBashAIAnalyticsGCPGoogle CloudCircleCITeamCityGitCI/CDCloud SecurityFirewall
About this role
Role Overview
- Design and guide secure architectures across AWS, Azure, and GCP.
- Define and enforce security baselines aligned with NIST 800-53, HITRUST, and CIS Benchmarks
- Lead threat modeling, architecture reviews, and secure design guidance for cloud workloads
- Build and maintain Infrastructure as Code using Terraform (preferred) and cloud-native tooling
- Integrate automated security controls into CI/CD pipelines (SAST, DAST, IaC scanning, container scanning)
- Implement policy-as-code guardrails using tools such as AWS SCPs and cloud-native governance services
- Develop automated remediation and enforcement workflows to reduce manual security effort
- Embed compliance controls directly into cloud infrastructure and pipelines to support ATO efforts
- Partner with compliance teams and auditors on evidence collection and continuous monitoring
- Implement centralized logging, monitoring, and incident response across cloud environments
- Serve as the senior cloud security SME for engineers, architects, and stakeholders
- Mentor engineers on secure cloud development and DevSecOps practices
- Translate complex security concepts to both technical and non-technical audiences
- Provide daily oversight of security operations, to include the security impact analysis of proposed system modifications and implementations.
- Monitor information security tools, including SIEM, system monitors, access control, and other specific cloud security controls
Requirements
- Bachelor’s degree in Computer Science or a related technical field, or equivalent practical experience.
- 8 + years of experience in the support of security-focused tools and services.
- Minimum of 3 years of experience in support of security for Cloud Architectures.
- Technical experience or understanding of commonly used EDR (e.g., SentinelOne, Carbon Black, Trend Micro, Crowdstrike, Microsoft Defender), network firewall (Palo Alto, Fortinet, AWS Firewall, Azure Firewall, Google Cloud Firewall), email security (Mimecast, Proofpoint), and workforce (O365, G Suite) software, technologies and standards.
- Experience with Azure Security Center, AWS Security Hub, or Google Cloud Security.
- Experience with security monitoring solutions (e.g., AWS CloudTrail, Azure Log Analytics, Google Cloud Audit Logs, SIEM, Cloud Security, or Cloud-Scale Monitoring).
- Experience with securing CI/CD pipelines (e.g., Jenkins, git, CircleCI, TeamCity, Checkov, Fugue, Sentinel).
- Experience with scripting and programming languages such as Python, Bash, Jinja, YAML, etc.
- Comfort working in Linux, Windows, and Cloud Provider CLI.
- Willingness to explore and adopt AI tools responsibly to enhance productivity and innovation in your role
Tech Stack
- AWS
- Azure
- Cloud
- Google Cloud Platform
- Jenkins
- Linux
- Python
- Terraform
Benefits
- Competitive health plans
- Paid time-off
- Company paid holidays
- 401K retirement program with a Company elected match
- Other company sponsored programs